The road to our new feature Security Roadmap

SAP security roadmap

Over the past months, I’ve spent a lot of time talking to customers and prospects to better understand their requirements,  challenges and motivations. In these conversations, one question has been frequently asked: “What’s the best way to move forward in SAP security after the initial security analysis?”

Christoph Nagy
CEO SecurityBridge

From the question to the concept

The question is not easy to answer in a generalized way. SAP implementations are typically complex structures consisting of SAP NetWeaver, SAProuter, SAP WebDispatcher, SAP S4/HANA, and possibly SAP Cloud. This is however a great question facing many security teams, so we discussed it with the SecurityBridge engineering team, who love a technical quandry and debate. A few discussions later, we had a concensus and a concept.

From concept to pilot

The problem with concepts is that they’re worthless unless proven. This is usually not a problem, as our experts are very good at assessing what’s feasible, but more importantly you need to know if the concept meets your clients’ requirements.

SAP security workshop

That’s why we discussed it with customers and partners. I particularly enjoy the constructive atmosphere and the open discussions and freely exchanged ideas. This gives each of our customers and partners the best opportunity to help shape the future of the solution. A few discussions later, and admittedly some changes to the initial concept, we moved on to implement a pilot.

The solution must be simple

The best solution to a complex problem is often based on a simple idea, as it proved to be in this case. Remember, customers are faced with the challenge of how to best proceed in order to increase system security. They look at an actual picture of the current system security which may contain many red lights and warnings.

SecurityBridge (from version 5.85.4 onwards) has the ability to evaluate the resolution complexity of any security issue, as well as the probability of exploitation. This is the basis for a security roadmap that can be implemented. So now, our customers can set priorities on findings that are easy to resolve but have a high risk of exploitation.

Feedback is important!

It is particularly important to ask for feedback from end-users in assessing whether the new feature is accepted and meets the intended added-value. For this purpose, all security applications included in the SecurityBridge platform have a “Send Feedback” function. Additionally, we ask our customers and partners about their experiences in the course of regular discussions. The Security Roadmap function, by the way, is well received and has already helped many SecurityBridge customers to identify and realize quick wins. More complex topics can be planned specifically on a roadmap.

Final words

Our common goal is to help you to enhance your SAP system security, and to sustain the achieved security posture holistically. This is a huge task and will be accomplished more easily and efficiently as a team. Therefore, we are continually growing the numbers of our partners and extended “team”. We’d love to share our insights with you so feel free to reach out at any time.

Posted by

Till Pleyer
Share on linkedin
Share on twitter
Share on email
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

Meet us at ASUG Carolinas Chapter Meeting 2022

Come and meet us! On June 24, 2022 the US team of SecurityBridge will be at the ASUG Carolinas Chapter Meeting 2022. We are silver sponsor of the event and present with an exhibition table.

SecurityBridge at the VNSG Event

SecurityBridge will do a presentation together with our customer Achmea and hosting a booth to demonstrate the capabilities of the platform. The event runs all day from 09:00 to 16:00 with drinks and snacks to close the day.
The Federal Republic is attempting to make critical infrastructure resilient to cyber-attacks by proactively identifying vulnerabilities and implementing measures to protect attractive targets.
how to spot anomalies in SAP
How to reliably detect suspicious actions from within the huge mass of SAP systems and user activity? In this article, we’ll tell you what’s needed to detect anomalies in SAP's log stack and put them into context to find cyber-attacks.

“SecurityBridge is committed to supporting our ecosystem of partners to continue our fast company growth. Our partners bring us the scale we need with their extensive customer relationships and substantial technical expertise that ensures customer success.”

Christoph Nagy
CEO SecurityBridge