How poor management lets the cybersecurity ball get dropped

Firstly: I’m not a techie, I’m a marketing guy. So, what qualifies me to write a blog article about SAP cybersecurity? Well, nothing really, except that sometimes an unbiased view on things is helpful. Here’s what I mean…

Clear Business case

When I made my first steps into SAP security a couple of years ago, the market scenario was simple: companies are facing more and more cyber-attacks and therefore must secure their IT landscapes properly. As SAP usually stores the crown jewels of a company, it’s very important to also increase the security posture there. And as SAP is quite different from the rest of the usual IT landscape, this requires specific know-how and solutions that help both the IT security team and the SAP team, which very often focuses on business operations. That’s a simple and clear business case – so far, so good.

Why is SAP Security not high priority?

What I found very interesting was the fact that SAP cybersecurity is still a low priority in many companies. I could not understand why this is the case. If companies haven’t been the victim of a successful breach, then cybersecurity is often seen from a management point of view as something that at first glance only costs money but doesn’t bring any value in return. That naive view of such a critical topic, from people whose job it is to run and align a company strategically with a perspective of the upcoming 10 years or more – that’s what was most surprising to me when I stepped onto the scene.

Not only is this view naive, it’s shortsighted: it puts not only the IT infrastructure at high risk but also the whole company’s future, including personal data and, ultimately, the jobs of its employees, at an absolutely unnecessary risk. In short: to not invest in cybersecurity at all is wrong. And by investing I don’t just mean money. Investing in SAP security primarily means setting up new processes and giving employees time to learn and execute security-related tasks.

You can’t turn back the clock

This ignorant view reminds me of some people who live an unhealthy lifestyle (although they should know better) until the doctor tells them they are suffering from high blood pressure, fatty liver or some other serious disease. Then they suddenly “wake up” and try to regain their health with maximum effort, but often without the result they wish for.

Instead, prevention has almost always paid off for companies who act smart and invest wisely. Invest wisely in the right SAP cybersecurity solutions that reduce the manual workload of your employees and radically reduce the attack surface of the IT infrastructure, and act smart when it comes to implementing security into the backbone of each critical business process. It’s usually more expensive to check the finished product or service for security leaks and fix everything afterwards than it would have been to do this within the process. So, embedded security speeds up critical processes and increases the security posture from the very beginning.

Conclusion

Cybersecurity in general and SAP security specifically must be a top-priority topic for every company – not to do that is bad management. What needs to be decided for every company is how to start this journey and how to shift it slowly from reactive to proactive. Even if companies start by doing anything at all, this already reduces their attack surface and is way better than doing nothing. As cybersecurity is not a project with a deadline but an ongoing agile process, we at SecurityBridge and our dedicated partners are happy to discuss the tailor-made roadmap that fits you best.

Reach out if you want to learn more about SecurityBridge Platform for SAP.

Posted by

Till Pleyer