Interview: Steen Schledermann NTT DATA

Key Takeaways

  • How to break down the communication barriers between business and IT security 
  • How companies regain control of security and compliance within SAP 
  • Learn why usability, collaboration and a risk-based approach are essential parts of the user experience in a cybersecurity software solution
  • See how NTT Data supports their customers beyond the technical implementation of the SecurityBridge Platform

Jaap v.d. Meer: Welcome to another session of “Cross the Bridge”, our interview series with leading experts in SAP Security. Today we have Steen Schledermann from our partner NTT Data with us. Welcome, Steen. Tell us a little bit about you.

Steen Schledermann: Yes, thank you very much. At NTT Data and Business Solutions I’m responsible for our Nordic line of business. I started this new Nordic line of business three years ago. And the thing that is worth mentioning here is that I’m not out of the SAP world myself. So my 15-year background is from a technology-independent view on regulatory compliance, quality assurance, information security management, and all that in the highly regulated area of the medtech industry.

Jaap v.d. Meer: Yes, in medtech is where compliance is of extreme importance. In pharma and medtech.

Steen Schledermann: Exactly. Pharma has the same kind of regulatory demands. It’s an industry where certifications and the demonstration of compliance with international harmonized standards are extremely important and business-critical and with a purpose to ensure customer trust through product integrity. But over the past years, information security, confidentiality, integrity, and availability have also increased their importance in these industries.

I was introduced to the world of SAP three years ago, and very soon I realized a massive challenge of being in control of security and compliance in this SAP landscape. This challenge relates both to the complex SAP technology itself, but also to the scale of the system landscapes. So with this new line of business, we set out a mission to realize what we call “digital trust through digital accountability management”. And that mission statement is respecting the increasing compliance burden that is put on an organization by regulations, but also by security. As more cyber security threats arise we need to find new, effective strategies to succeed. Or put in a different way:

“We’re trying to build a bridge across the extensive communication barrier that exists between our business and IT security.”

Jaap v.d. Meer: We could call that a “security bridge”. It’s impressive what you already have achieved in such a short time as you’re relatively new to SAP and are serving a big number of customers. You mentioned you work already for quite a while with us. How did it all start though?

Steen Schledermann: Yes, this is kind of interesting because I needed to get into the SAP world as fast as possible when I joined this universe. And so, I attended some SAP conferences. At one of those back in 2018, I met Ivan Mans, the CTO of SecurityBridge, and he presented me his security solution. Back then already

“…it took me only about 10 minutes to be convinced that the SecurityBridge platform is a perfect match to our mission statement.”

Well, I mean it was obvious and it really matched my background as there is a need for having compliance and assurance of all of my various security controls. I saw I could do that with this platform and I saw how relevant that would be for our customers. So the solution is really providing an essential security status dashboard, which enables us and the SAP landscape responsible person to get a holistic and simplified, security focused overview, along with the very detailed insights to the massive complexity of the system behavior. That was back in 2018. Since then, the platform has developed significantly, and also now brings on the static security and compliance aspect in addition to the dynamic threat detection. And that really brings the SecurityBridge platform to a highly valuable level in terms of the organization’s need to demonstrate transparency, compliance, and eventually digital trust.

Jaap v.d. Meer: Great. You saw the platform developing during the past years. How do you see the platform supporting SMB customers and then specifically your SMB customers in the challenge of developing their security capabilities?

Steen Schledermann: I like this question because we are the partner who’s taking the platform to the customers. And it’s a pleasure to work with this platform. And you can say it’s representing the technology part of the trade. People, processes, and technologies are part of a change management process. SecurityBridge is really designed for supporting that journey. And let me highlight three aspects of this, which I find especially interesting.

1) First of all, I want to mention the focus on usability that has been brought into the security platform. Not only is the platform provided with a very nice Fiori layout, making it simple and easy for the non-SAP people like myself to incorporate the platform. But a significant effort has also been put into the whole information security. The explanation of identified security events in terms of human language, it’s a lot easier to understand both the risk but also the relevant mitigation for a given security event, the way it’s been laid out in the system.

“This is a capability that really brings down the entry barrier of operating and utilizing the platform and really making it easier for developing SAP security competencies in the organization.”

2) So secondly, the platform is filled with an organizational collaboration objective in mind. It has hundreds of security controls that are monitored across the entire SAP landscape and which have been grouped into areas of responsibility. The natural owner of the various types of issues that go along with the security events has been grouped into authorizations, development bases, and so on, and which is then an out-of-the-box orchestration to enable a natural collaboration between the various organizations or entities. And this is really enabling the team sport of the challenge of security, as we usually call it.

Jaap v.d. Meer: Yeah, it’s not a one-person game. It’s a team sport.

Steen Schledermann: That’s truly right. And it’s a very complex subject to cover in total.

3) So the third thing I would like to mention is the platform outcome. It is supporting a real-time risk-based security posture status. This is helping the organization to prioritize their security investment in the best possible way. And due to the out-of-the-box security baseline and risk-based prioritization of events, the platform supports a risk-based continuous improvement process, which is a requirement in most cybersecurity and information security management frameworks. Also, from this point of view, compliance with general security standards is really being supported greatly out of the box.

Jaap v.d. Meer: So, if I summarize how you see that our platform brings value to the customer and you bring value to your customers is with the usability, you don’t have to be able to speak SAP-anese as your profession would call this. It’s the collaboration working together in the organization on the different aspects of security and is a risk-based approach – first things first.

Steen Schledermann: Yes.

Jaap v.d. Meer: Thank you for being so positive about our platform. At the end of our interview, can you explain a little bit more about what NTT Data can do for its customers in the field of cybersecurity? How do you help?

Steen Schledermann: Yes, we do our best to help the organization onboarding the new technology in their SAP landscapes, both in terms of the technology itself, but also in terms of adopting the new SAP security capabilities, in terms of processes and the people involved in using the platform daily. So that’s the change process that comes along with introducing new technology. And that platform is generally a new source of information about changes and modifications to the SAP landscape. And that is provided in a risk-prioritized manner, which is helping the organization in prioritizing and planning the changes to enable a properly secured business-critical system. That’s where we come in.

Jaap v.d. Meer: Thanks, Steen. Time flies when you’re having fun, as they say. Again, thanks a lot for being with us today and taking the time to share your experiences and your thoughts on cybersecurity.

Steen Schledermann: Thank you very much. It was a pleasure to be part of your event here, and I hope it’s a great contribution to your storytelling.

Posted by

Christoph Nagy