The global and independent platform for the SAP community.
The opinion of the SAP community, IT Security Column, MAG 18-12

Security Ascent

The field of IT security must emancipate itself and raise its profile. It is not a luxury, but a necessity, which includes sound training and years of experience. Security is grown up!
Jörg Schneider-Simon, Bowbridge Software
February 7, 2019
Content:
It Security
avatar
This text has been automatically translated from German to English.

Everything used to be better! Networks were secured with packet filters, far down in the OSI reference model (on layer 3 or 4). Access rights were regulated on machine or operating system level, programming was done in assembler or C - all nice and low-level!

Ah, the good old days, when we still had a net perimeter and clear enemy images: outside was bad, inside was good - and viruses were caught via infected floppy disks!

At that time, "all areas of security" - i.e. firewall and virus protection - were covered by a single admin, who was also responsible for the administration of the (of course internal) mail server (UNIX sendmail - no Exchange!).

Emancipation and valence

But let's face it: (in)security has moved up - up in the layers of the OSI reference model. Most attacks today take place at the presentation or even application layer.

For security managers, this development means that it is no longer enough to deal with networks, firewalls and a handful of operating systems to protect corporate networks, applications and users.

They must be familiar with the peculiarities and special requirements of a wide range of applications - and often better than their users. Today's security experts no longer resemble general practitioners, but rather vascular surgeons.

They often specialize in a particular aspect of the complex security stack we find in enterprises today: OS security, firewalls ("application-aware, next generation," of course), IDS/IPS, multi-factor authentication, cryptography, database security, cloud security, and more.

Securing complex, heterogeneous enterprise IT infrastructures therefore usually requires a number of such highly specialized cyber security specialists.

However, this veritable army of IT defenders must be recruited and trained somewhere and ideally have several years of relevant experience before CISOs entrust them with securing mission-critical IT systems. Unfortunately, there are very few offerings in the academic environment that specifically address the complex of topics of IT security or even explicitly cyber security.

Teaching and research

This lack of non-commercial training opportunities creates a problem that many companies are facing today: There are simply too few cyber security experts!

ISACA (Information Systems Audit and Control Association), an association of international experts in the field of IT systems auditing, predicted back in 2016 that there would be a shortage of two million cyber security experts worldwide by 2019. Given the unexpectedly strong increase in hacking attacks, malware distribution and data theft, the actual number will be even higher.

For those interested in technology, this cyber security know-how vacuum in turn means interesting career opportunities, attractive salaries and an almost free choice of exciting places to work, because the demand for cyber security experts is already growing about three times faster than the general demand for skilled workers in the IT segment. Security has taken on a lasting significance.

These rosy prospects are, in my opinion, many times better if said future cyber security experts specialize analogous to brain-vascular surgeons: to SAP cyber security experts - security career advancement guaranteed!

avatar
Jörg Schneider-Simon, Bowbridge Software

Jörg Schneider-Simon is Chief Technical Officer of Bowbridge Software, a provider of cybersecurity solutions for SAP applications.


All articles of the author

Write a comment

The SAP CEO Alternate

Workday Illuminate Is the Next Generation of Workday AI

Workday Signs Agreement to Acquire Evisort

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.