Skip to content

TOP 5 SECURITY CONCERNS FOR THE SAP CLOUD CONNECTOR

SAP Cloud Connector

Every organization constantly faces the challenge of minimizing the attack surface that an adversary could use to perform malicious operations. To do this, administrators must install the deployed components and understand them in detail to identify risks and proactively mitigate or prevent those. Today we are looking at what is necessary to protect the SAP Cloud Connector. 

What is the SAP Cloud Connector?

When installing and operating the SCC, administrators need to consider several things to ensure security. A good starting point is the manufactures SAP Cloud Connector Security Guidelines, which include the topics:  

  • Network zones concept  
  • Administration UI  
  • High Availability  
  • On-Premise Configuration  
  • Audit Logging  
  • OS-Level Protection  
  • Protocol Security and  
  • Instances.  

A new and remarkable feature of the SAP Cloud Connector is that it has an integrated security check, which provides the administrator with information about the existing issues. Not only is there a kind of checklist, but it displays a status that shows which problem currently exists. How to find the feature? Find it from the Connector menu and choose Security Status to access an overview showing potential security risks and the recommended actions. 

SAP Cloud Connector

The SCC distinguishes between general and sub-account-specific problems. In the General Security Status area, customers will find general issues. In the lower area, you will then see the sub-account issues.  

Problem 1: Often, these recommendations have not been implemented or are only partially implemented. 

Often, technical components are installed and then forgotten if they perform their service and do not break anything that works. To make matters worse, these components usually are provided by external service providers. As a result, there is not enough internal expertise available within the company for regular security checks or the remediation of security problems.  

Problem #2: The SAP Cloud Connector isn’t integrated enough into the lifecycle management of the SAP operation. This neglect can lead to security problems that are not detected or resolved in time. 

SAP releases regular enhancements for all products in the software’s portfolio. It is the customer’s responsibility to check on-premise components for security vulnerabilities for which a patch has been provided and to close this loophole on time. In addition, you must include other software products used by SAP SCC in the equation. Examples are the Java Virtual Machine (JVM) version and the Tomcat web server.  

Problem #3: Also, due to the lack of integration into the software lifecycle management, customers aren’t aware of security patch releases and don’t implement them or aren’t fast enough. You can find the available SAP Security Patches for the technical component on the SAP Support Portal using the following query: Display security patches for SAP Cloud Connector.  

SAP products are usually extensive in their logging. This makes it possible to track circumstances and situations occurring during regular operations. However, the number and variety of security logs poses a challenge for many customers. If they’re enabled, they are usually only used by the administrator for error analysis and troubleshooting. Few manage to transfer this valuable information to the Security Operation Center (SOC), and only very few apply valuable use cases making real use of the collected data.  

Problem #4: Security logs are not enabled or monitored. There is no concept for alerting when an anomaly occurs, and thus attack actions such as exploiting vulnerabilities are not detected. 

The SAP Cloud Connector builds a bridge to the outside world. Communication with public networks is dangerous because external attackers can intercept and analyze data packets. Therefore, protocol security and network architecture are important. At this point, we want to motivate our readers to support the Feature Request “Implement SNC support for incoming RFC in SAP Cloud ConnectorIn the SAP Customer Influence Portal.  

Problem #5: The system architecture isn’t optimized. For example, the SAP Cloud Connector in the DMZ shares a host system with other components. Alternatively, the protocol security isn’t guaranteed so attackers can intercept, redirect, or manipulate the packets. 

Addition:  
Based on our field service’s reports, we found SAP Cloud Connector installations in production environments that used the portable version. For productive use, SAP strongly recommends using the installer version. 

Conclusion

The integration of technical components such as the SAP Cloud Connector or the SAP WebDispatcher into the in-house software lifecycle management processes requires special efforts from the customer. To achieve a resilient posture against cyber-attacks, both the hardening of software components and monitoring of whether the measures are working must be carried out.  

Security updates must be identified and implemented on time, and security logs must be monitored continuously for suspicious activity to detect attacks as they occur.  

 You may think this is a massive hurdle until you experience solutions like the SecurityBridge Platform for SAP. SecurityBridge provides a holistic cyber-security coverage addressing the need of SAP customers directly from within your SAP landscape. 

Posted by

Christoph Nagy

Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

SAP Cyber risk
SAP Cybersecurity- Security News
Businesses must be more cautious to protect themselves from cyber threats as digitalization and the use of SAP systems increase. SAP S/4HANA is critical for many enterprises as it provides the foundation for business operations. As digitalization and Industry 4.0 continue to increase, SAP S/4HANA lays the foundation for many modern business scenarios. SAP systems are important for many industries and their security is a major concern, making them vulnerable to cyber attackers. This article will discuss cyber risks and how you can assess your individual and organizational SAP systems' risks. What are cyber risks?
Common SAP Patches
SAP Cybersecurity- SAP Patch Management- SAP Security Patch Day- Security News
Installing SAP patches is crucial for maintaining a robust and secure enterprise resource planning (ERP) system. SAP, one of the leading ERP systems in the world, is constantly evolving to meet the changing needs of businesses. As a result, SAP releases various patches to address issues and enhance the functionality of its software. However, installing SAP patches can present challenges for IT teams, such as ensuring minimal disruption to business operations, managing risks, and testing the non-implemented patches. This article will discuss the three most common types of SAP patches- kernel patches, snote patches, and support packs - and the best practices for installing them.
SAP interfaces
SAP Cybersecurity- SAP Interface- Security News
In this blog article, we will explore the importance of SAP interface security and discuss the various measures businesses can take to protect their systems and data. We will also examine some common threats to SAP interfaces and how to mitigate them. To safeguard your business, you need to understand the importance of SAP interface security and take steps to make your interfaces secure. 
SAP security Patch day
10th January 2023 SAP response team sends some Happy New Year greeting to the SAP Security Teams, by releasing 10 SAP Security Notes.