The global and independent platform for the SAP community.
The current keyword, The opinion of the SAP community, MAG 18-06

Outdated silo thinking and lack of budgets

Data is the new gold - and CIOs no longer need to be visionaries to realize this. Big Data and IoT are a reality and have caused data volumes to explode.
Holger Hügel, Secude
July 5, 2018
Content:
The-current-keyword
avatar
This text has been automatically translated from German to English.

With their help and the digitization of corporate processes, companies are now trying to generate added customer value and competitive advantages. The focus here is primarily on new business models.

Data security takes a back seat. It is seen as a "hindrance" in view of complex IT processes, since it "does not positively influence value creation.

Most decision-makers don't realize the true importance of data security to a company's success until data loss has already occurred.

In such cases, CIOs understand that they must realign their IT to keep pace with rapid technological changes while ensuring data security.

But beware: digitized business processes know no system boundaries and thrive on the lively exchange of data between business applications from different manufacturers. Despite this, IT security managers are still largely focused on the selective protection of individual data silos and applications.

As a result, and due to the enormous complexity of user roles and privileges, identity management projects that are supposed to improve access control to systems and applications are often doomed to failure before the project even starts.

As a result of this lack of control, IT organizations not infrequently react by curtailing user freedoms and thus inevitably promote the expansion of shadow IT in the company.

This opens doors for data misuse, jeopardizes the company's competitiveness and - in case of loss of personal data - ensures high GDPR fines.

Lack of resources

SAP customers are currently expanding the position of the SAP application as the central data hub within the IT architecture - in particular through the migration to S/4 Hana as the new development platform.

This also increases the potential risk of data leaving the secure SAP system in an uncontrolled manner. The classic, role-based SAP authorization concept reaches its limits here, and confidential files quickly fall into the wrong hands.

It is not without reason that SAP systems are increasingly becoming a target for cybercriminals. Although many departments and SAP administrators are aware of these new security risks, their sustainable elimination often fails due to a lack of budget and resources:

The CISOs (Chief Information Security Officers), who are actually responsible for the topic, usually have no resources of their own and receive hardly any support from operational IT, because the employees there are already busy with other projects.

While CIOs still rely on their specialists at this point and are thus lulled into a sense of security, in the event of a publicized data leak the issue then lands on the tables of the CEOs, who are ultimately liable in such a case.

Novel concepts

In order to be able to effectively secure SAP data in the digitalized world as well, new types of dynamic IT security concepts are required that tie in with the classic SAP authorization concept and, in addition to user roles, also use the protection requirements of the data for cross-platform data security.

To do this, SAP managers must think beyond SAP system boundaries and control and protect all exports - regardless of whether they were triggered by users or background data transfers.

The data itself must become the focus of attention - both in terms of data security and data protection. Only in this way is there a chance of achieving a high level of security without restricting users' freedoms.

https://e3mag.com/partners/secude-gmbh/

avatar
Holger Hügel, Secude

Holger Hügel is Vice President Products and Sercvices at Secude


All articles of the author

Write a comment

SAP and Nvidia

Purchase requisition: SAP Ariba Guided Buying

All for One announces Rise One

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular ticket:

€ 590 excl. VAT

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.