SAP Security: The Responsibility of security vendors 

Responsibility of SAP security vendors regarding SAP Security

The news is full of reports about software vulnerabilities, and the sheer number makes it easy to lose track. Even SAP customers are sometimes surprised by new serious vulnerabilities and find installing the patches a challenge. But what happens when a security solution becomes a problem?

In this short text, we would like to provide a few insights into the mindset and thought process of an SAP security solution provider. 

Secure architecture

Security-by-design is often used as a buzzword. It means applying core security requirements at the earliest stage of the software build process, the design phase. Hence, when designing a new product capability or feature, we evaluate not only technical feasibility but also the security aspect, ensuring that the architecture remains secure by design and that the default delivery is safe.

For example, continuous security requires regular updates, which may affect both the software and the detection signatures, to deal with the newest vulnerabilities.

For both convenience and accuracy, the SecurityBridge platform, which runs entirely on customer premises, offers remote update capabilities. However, such an update does not require an active inbound connection to the customer's system, and remote maintenance access is neither required nor desired.

Another core aspect of our solution offering is that no additional components (software & hardware) are required. SecurityBridge is an add-on that adds cybersecurity functionality to the SAP technology. 

So our approach does not introduce any bolt-on software- or hardware-based technology (virtual appliances, Docker, etc.) that may enlarge the attack surface in your network.

Furthermore, all SAP data (configuration, logs, topology maps, vulnerability findings, etc.) remains in the trusted technology stack of the SAP applications. This ensures that valuable and security-relevant information does not fall into the hands of threat actors.  

Such an architectural approach ensures that communication credentials (including password hashes) remain in the SAP system and continue being actively monitored by SecurityBridge. 

Our promise to SAP customers

We protect your information as rigorously as we protect our own. We will inform you promptly and transparently of any serious product vulnerability that may affect you. We will advise the affected parties to implement a final solution or an effective workaround until a solution is available. 

As validated and certified software, SecurityBridge applies industry best practices to validate performance, scalability, usability, security, and functional operation before release packaging and public delivery. We work with partners and independent security experts to verify our results.

For questions on the SecurityBridge Information Security Policy, please contact us via: Security@SecurityBridge.com 

Our responsible disclosure policy can be found here: https://securitybridge.com/resp-disclosure-policy/

Posted by Ivan Mans