Security for business critical data

SAP applications are used in a variety of ways. A great deal of attention is paid to ensuring that the SAP systems are ideally adapted and tuned to the respective requirements and run optimally.

High availability (HA) solutions are also frequently used for uninterrupted operation. But that is only one side of the coin. The other side is that SAP applications must also be backed up, because there are many sources of error that can lead to a disaster.

Logical errors, such as ransomware attacks, are many and backup is essential for this. It is problematic that HA solutions such as mirroring etc. are often confused with backup solutions.

The misconception often exists that the very high-performance HA solution, in which, for example, the data is immediately mirrored to a second system, which may even be located in a different location, can replace a data backup solution.

It is true that failed systems and data can continue to operate immediately on a second system in the event of an error. However, it is often forgotten that this only works for physical errors and not for logical errors. In the case of virus, malware or ransomware attacks, the malware is immediately transferred to the second system, and the data there is corrupt and unusable.

Encryption Trojans infect file systems without any noticeable effects for the user and only encrypt the infected data in one fell swoop weeks later. For a recovery, it must therefore be possible to fall back on the data stock before the infection.

A suitable backup solution should therefore be used for the SAP applications, which should meet various requirements. A data backup solution certified for SAP applications is very important.

Only a backup solution certified by SAP enables SAP support to be used at any time and business-critical applications to function, be backed up and restored smoothly.

Ideally, the SAP backup solution should be integrated into the enterprise-wide data protection solution, because that way everything is from a single source, easy to manage, and less training is required. In general, the backup solution should be certified for a variety of platforms, applications and databases to cover heterogeneous environments.

This ensures that backup and recovery of virtual and physical environments, databases and applications are consistent and in accordance with vendor specifications. Ideally, cloud usage should also be supported.

The data protection solution must be integrated into a business continuity strategy based on granular recovery point objectives (RPOs) and recovery time objectives (RTOs).

This is essential for a functioning disaster recovery scenario. SLAs (Service Level Agreements) must be defined and recorded in a disaster recovery plan.

The backup solution should also have the technical security to implement compliance requirements such as DSGVO, which means that the organizational requirements must also be able to be implemented through technical features.

With the current security discussions and the danger of security holes in software, it is very important that there are no backdoors in it. German or European solutions are particularly recommended here.

The requirements are varied and the list of dangers is long, ranging from power failures and natural disasters to logical errors and unintentional or targeted manipulation, which can be caused by user error, sabotage, ransomware or hacker attacks, for example. Backup is often the last resort to save the data including the important SAP environments respectively the affected company.