The global and independent platform for the SAP community.

IT security - no more tinsel please

Where the topic of IT security gets serious budget, it could become harder to attract qualified employees. IT talent wants employers that focus on automation rather than manual mass changes.
Tobias Harmes, mindsquare GmbH
September 12, 2019
It Security
avatar
This text has been automatically translated from German to English.

I'm a big fan of the Pessimists Archive podcast. Jason Feifer gives a stirring and not at all dusty account of the history of resistance to change.

Things that today are classified as rather conservative and established were revolutionary and also often "of the devil" when they were introduced. For example, the waltz was as scandalous in the early 1800s as rock 'n' roll was later. People even fought duels over the honorability of the waltz. Can't be?

I can tell whether something is taken seriously by whether someone is willing to pay money for it. And security for SAP is now taken seriously. Today, I see that companies are willing to change something.

However, only enough to change as little as possible of the established system. New SAP authorizations are then requested, which should be conflict-free and fit into the existing concept. But the concept for operations is usually to do mass work manually with human power.

Dull, error-prone, boring and completely replaceable. Administrators in dozens of companies I've personally met are still working on IT security as they did before the iPhone was introduced. That was 2007.

While many companies are now working on how employees and customers can access the SAP system via pretty new Fiori interfaces, the mood in the engine room is gloomy and sinister. There is no orchestration or control, just a blunt shoveling of coal into the fire.

Keeping hundreds of roles in sync on front-end and back-end servers without investing in role and identity management concepts and tools is - outdated concept.

Operating an SAP system without having established security monitoring is - outdated concept. Not investing in the systematic training of employees with regard to SAP security is - you guessed it - an outdated concept.

And new employees are increasingly unwilling to accept this. Why should they? They have a choice - there are enough employers who are urgently looking for skilled and motivated personnel.

Why should a young employee then get involved in dull jobs with old concepts? Whereas at other companies he can develop concepts and configure tools that do the repetitive work for him?

The "get in IT Study 2017-2018" states:

"IT talent wants to innovate and become experts in their field."

So we have the crazy situation here that the budget is there, but success will not materialize. Because a sustainable security concept still has to be operated by expert personnel. And they're not in the mood for "there used to be more tinsel".

It's not that anyone has done anything wrong. But if SAP's existing customers want to continue to exist securely in the current reality and not end up in the headlines as a data slinger or in bankruptcy when it comes to company secrets such as recipes, then employees must also be recruited to help. And companies must also accept that there is more to change than just "damp wiping through the SAP system" once.

In the history of all innovations, there have always been one or more people who have not let themselves be dissuaded from the idea of the new. Even if everyone grumbled, grumbled or grumbled. There must be this one person in every company. The one who patiently explains the advantages of the new without snubbing those who still strive for the old.

At the end of the day, it's like waltzing: The young won't be dissuaded because they understand the new world and take IT security as seriously as it needs to be today.

Not by manually tinkering with roles or creating users. Instead, a concept is developed and established tools are used. So that you also have the time to find out about new security risks and can plan countermeasures.

avatar
Tobias Harmes, mindsquare GmbH

Tobias Harmes is an SAP Basis & Security consultant at mindsquare GmbH and editor of the weekly podcast "SAP Basis & Security" by RZ10.de.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.