How poor management lets the cybersecurity ball get dropped

sap security strategy

Firstly: I’m not a techie, I’m a marketing guy. So, what qualifies me to write a blog article about SAP cybersecurity? Well nothing really except that sometimes an unbiased view on things is helpful. Here’s what I mean…

Clear Business case

When I made my first steps into SAP security a couple of years ago the market scenario was simple: Companies are facing more and more cyber-attacks and therefore must secure their IT landscapes properly. As SAP usually is storing the crown jewels of a company it’s very important to also increase the security posture there. And as SAP is quite different from the rest of the usual IT landscapes this requires specific know-how and solutions that help both: the IT security and the SAP team which is very often focusing on business operations. That’s a simple and clear business case – so far, so good.

Why is SAP Security not high priority?

What I found very interesting was the fact that SAP cybersecurity in many companies is still low priority. I could not understand why this is the case. If companies haven’t been a victim of a successful breach, then cybersecurity from a management point of view is often seen as something that at first glance only costs money but doesn’t bring any value in return. That naive view on such a critical topic from people whose job it is to run and align a company strategically with a perspective of the up-coming 10 years or more – that’s what was most surprising to me when I stepped onto the scene.

Not that this view on things is naive, it’s shortsighted and puts not only the IT infrastructure to high risk but also the whole company’s future including personal data and in the last consequence the jobs of its employees to an absolute unnecessary risk. In short: To not invest in cyber-security at all is wrong. And by investing I don’t just mean money. Investing into SAP security primarily means setting up new processes, giving employees time to learn and execute security-related tasks.

You can’t turn back the clock

This ignorant view reminds me of some people who are living an unhealthy lifestyle, (although they should know better) until the doctor tells them they are suffering from high blood pressure, fat liver or any other serious disease and then they suddenly “wake up” trying to regain their health again with maximum effort but often not the result they wish for.

Instead, prevention has almost always paid out for companies who act smart and invest wisely. Invest wisely into the right SAP cybersecurity solutions that reduces the manual workload from your employees and radically reduces the attack surface of the IT infrastructure and act smart when it comes to implementing security into the backbone of each critical business process. It’s usually more expensive to check the finished product or service for security leaks and fix everything afterwards then if this would’ve been done within the process. So, embedded security speeds up critical processes and increases the security posture from the very beginning.

Conclusion

Cybersecurity in general and SAP security specifically must be a top priority topic for every company – not to do that is bad management. What needs to be decided for every company is how to start this journey and how to shift it slowly from reactive to proactive. Even if companies start with doing anything this is already reducing your attack surface and is way better than doing nothing. As cyber security is no project with a deadline but an ongoing agile process instead, we at SecurityBridge and our dedicated partners are happy to discuss your tailor-made roadmap that fits best.

Reach out if you want to learn more about SecurityBridge Platform for SAP.

Posted by

Till Pleyer
Share on linkedin
Share on twitter
Share on email
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

SecurityBridge at the DSAG Annual Congress 2022: How to protect SAP systems during these times

Together with its partner, Fortinet, the SAP Security specialist company will present how to close the gap between SAP and network security in Leipzig.

SecurityBridge joins NTT Data’s Cybersecurity for SAP Webinar

Whether your business critical SAP landscape is traditional on-prem, in one or more clouds, or even the latest RISE with SAP, you are accountable for ensuring it is secured against rapidly increasing cyber threats. Join this webinar to learn why SAP application security is critical and how you can stay in control and protect your business.
SecurityBridge
Here at SecurityBridge, we are extremely lucky to have a team full of amazing professionals. Thanks to our team, we have achieved extraordinary things in the past couple of years. With that in mind, we thought it was time for us to start introducing you to the team that drives everything behind the scenes. And we couldn't have chosen a better example to start with than our very own, Harish Dahima! Read on and learn all about Harish's life as a Senior Product Developer, his role, and life at SecurityBridge.
SAP Cloud Connector
SAP Cloud Security- SAP Cybersecurity- Security News
Every organization constantly faces the challenge of minimizing the attack surface that an adversary could use to perform malicious operations. To do this, administrators must install the deployed components and understand them in detail to identify risks and proactively mitigate or prevent those. Today we are looking at what is necessary to protect the SAP Cloud Connector.
SAP Cycling event
Life at SecurityBridge- Partner News- Security News
It was John F. Kennedy who once said: “nothing compares to the simple pleasure of a bike ride”. And what a pleasure it has been! We had our annual bike ride with friends from Accenture, Deloitte, CGI, McCoy, Thales, KPN, Hunt &Hacket, and security leaders from major customers. We had a lot of opportunities for exchange in the cozy atmosphere among like-minded people who all love road cycling and have SAP Security improvement in mind.
SAP Expert Search
SAP Patch Management- Security News- Security Patches
After many years in the SAP eco-system, I know many good and bad practices exist in the IT Departments of – to be frank – every organization on this planet. Initiated by the SAP Security Patch Day in September 2022, our team has nudged me to share some knowledge. In this short how-to description, we want to explain the correct usage of the SAP Launchpad Expert Search to get the most accurate result looking for SAP Security Notes. If you want to find out how this powerful tool works, keep on reading.