The global and independent platform for the SAP community.

Central protection against cyberattacks

ERP security is one of the most important success factors in companies - whether SAP, Oracle or other business software is in use. To protect critical systems from attacks, customers should use comprehensive security platforms.
Dr. Markus Schumacher, Onapsis
March 20, 2020
[shutterstock: 650552203, Gearstd]
avatar
This text has been automatically translated from German to English.

Last spring, the U.S. Department of Homeland Security's Office of Cybersecurity and Digital Infrastructure (CISA) and security firm Onapsis warned of increased risks from attacks on known misconfigurations in SAP applications: "Many SAP systems are at risk."

The reason was the publication of an exploit construction kit called 10KBLAZE, which provides malware and thus makes it very easy for hackers to compromise the relevant systems. Worldwide, nine out of ten SAP installations with a total of over 50,000 customers are said to be affected.

While still a novelty in the SAP world, such attack kits for Oracle vulnerabilities have been available in public forums for some time - and are no less dangerous. For most companies, the market-leading SAP and Oracle systems are at the heart of digitization, cloud migrations and IoT initiatives.

If they become the target of cyberattacks, this can have very serious consequences for a company - whether the attack is intended for espionage, sabotage or fraud. If cyber criminals succeed in accessing entire databases in order to copy, change or delete them, they can cause considerable economic damage.

In addition, the reputation suffers and the trust of customers dwindles. This pressure is increased by ever stricter regulatory requirements such as the EU Data Protection Regulation, which punishes data protection violations with heavy fines.

Security gaps in three areas

In order to effectively ward off such cyber threats to ERP systems, the use of holistic security tools is recommended. In the SAP area, for example, three areas have been identified that are significantly responsible for security vulnerabilities: System settings, customer-generated code and the import of transports.

With comprehensive analysis tools, it is possible to automatically check the SAP system configurations, immediately eliminate possible errors, and avoid renewed configuration errors ("automate audit"). At the same time, the customer's own code lines can be automatically checked for weaknesses in security, compliance and quality and these can be cleaned up.

Finally, by analyzing SAP transport requests ("change assurance"), it is possible to prevent updates and new developments as well as third-party applications from importing harmful content into SAP systems and opening the door to spies or data thieves.

Schumacher Markus

So if you want to effectively protect your ERP environment from attackers, you should definitely rely on an integrated solution to automatically detect, remediate and prevent all identified cybersecurity and compliance risks.

Since most companies operate extremely heterogeneous system landscapes with hundreds, if not thousands of applications, such an ERP security platform should also be able to be used across manufacturers.

There should be a focus on SAP and Oracle applications, as these two vendors, with around 437,000 and 430,000 customers worldwide, are considered market leaders for enterprise software, whether on-premises or - increasingly - cloud-based.

A multi-vendor approach ensures that multiple security tools do not need to be deployed and that the installation and operational effort for ERP security is kept to a minimum.

This also applies to the use of the security platform in digital transformation projects and in migrations of existing ERP systems to the cloud or to new software generations from the same providers, such as the upcoming migration to SAP S/4 Hana for many customers.

Best Practices

Good ERP platforms for security and compliance are also characterized by the fact that they are based on best-practice specifications: including the security guidelines of the individual software manufacturers and user groups, for example the DSAG testing guidelines, as well as the BSI basic protection recommendations.

Equipped with proven security expertise, security platforms offer companies comprehensive protection against cyberattacks. This protection is an absolute must in view of the increasing number of IT attacks and the horrendous damage they cause every year.

According to a study by the industry association Bitkom, industrial companies in Germany incurred a total loss of 43.4 billion euros in 2017 and 2018 alone. Following the acquisition of Virtual Forge, Onapsis can provide customers with a central ERP platform for security and compliance that can be used equally by all target groups - even beyond SAP and Oracle.

avatar
Dr. Markus Schumacher, Onapsis

Dr. Markus Schumacher is General Manager Europe at Onapsis


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.