Over the past months, I’ve spent a lot of time talking to customers and prospects to better understand their requirements, challenges and motivations. In these conversations, one question has been frequently asked: “What’s the best way to move forward in SAP security after the initial security analysis?”
Christoph Nagy
CEO SecurityBridge
The question is not easy to answer in a generalized way. SAP implementations are typically complex structures consisting of SAP NetWeaver, SAProuter, SAP WebDispatcher, SAP S4/HANA, and possibly SAP Cloud. This is however a great question facing many security teams, so we discussed it with the SecurityBridge engineering team, who love a technical quandry and debate. A few discussions later, we had a concensus and a concept.
The problem with concepts is that they’re worthless unless proven. This is usually not a problem, as our experts are very good at assessing what’s feasible, but more importantly you need to know if the concept meets your clients’ requirements.
That’s why we discussed it with customers and partners. I particularly enjoy the constructive atmosphere and the open discussions and freely exchanged ideas. This gives each of our customers and partners the best opportunity to help shape the future of the solution. A few discussions later, and admittedly some changes to the initial concept, we moved on to implement a pilot.
The best solution to a complex problem is often based on a simple idea, as it proved to be in this case. Remember, customers are faced with the challenge of how to best proceed in order to increase system security. They look at an actual picture of the current system security which may contain many red lights and warnings.
SecurityBridge (from version 5.85.4 onwards) has the ability to evaluate the resolution complexity of any security issue, as well as the probability of exploitation. This is the basis for a security roadmap that can be implemented. So now, our customers can set priorities on findings that are easy to resolve but have a high risk of exploitation.
It is particularly important to ask for feedback from end-users in assessing whether the new feature is accepted and meets the intended added-value. For this purpose, all security applications included in the SecurityBridge platform have a “Send Feedback” function. Additionally, we ask our customers and partners about their experiences in the course of regular discussions. The Security Roadmap function, by the way, is well received and has already helped many SecurityBridge customers to identify and realize quick wins. More complex topics can be planned specifically on a roadmap.
Our common goal is to help you to enhance your SAP system security, and to sustain the achieved security posture holistically. This is a huge task and will be accomplished more easily and efficiently as a team. Therefore, we are continually growing the numbers of our partners and extended “team”. We’d love to share our insights with you so feel free to reach out at any time.
Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.
“SecurityBridge is committed to supporting our ecosystem of partners to continue our fast company growth. Our partners bring us the scale we need with their extensive customer relationships and substantial technical expertise that ensures customer success.”
Christoph Nagy
CEO SecurityBridge
