The global and independent platform for the SAP community.

SAP Security: Looking the Other Way Doesn't Help

Worldwide attack campaigns and successful cyberattacks on companies and institutions illustrate how vulnerable a digitized economy and society are. And with each new incident, the importance of cybersecurity increases.
E-3 Magazine
May 18, 2018
SAP Security: Looking the Other Way Doesn't Help
avatar
This text has been automatically translated from German to English.

A recent survey among members of the German-speaking SAP User Group (DSAG) sheds light on interesting trends in dealing with security in the SAP environment and derives specific demands from it.

On the positive side, 87 percent of the DSAG members surveyed are aware of general guidelines or a strategy for SAP security in their companies. In addition, 55 percent of respondents have made additional investments in the past twelve months to make their SAP systems more secure and minimize risks.

In this context, 78 percent of respondents thought it would make sense if appropriate security components were already activated by default in updates, new releases and services for SAP systems (security by default).

SolMan instead of SAP Security Dashboard

As imperative as security concepts are, they can hardly be implemented without a proper dashboard. Yet 72 percent of respondents do not yet use a central SAP security dashboard to keep track of their security settings.

"Some users rely on SAP Solution Manager for this. However, in our view, its primary task is not currently to map the functionalities of a comprehensive security dashboard.

Together with us, SAP could develop a standard for a complementary SAP security dashboard to meet the security requirements from DSAG's perspective."

Alexander Ziesemer, spokesman for the SAP Security Vulnerability Management working group in the Security working group, is convinced.

Alexander Ziesemer

Network security with room for improvement

In terms of network security, 54 percent of respondents have separated and protected their SAP server network from other networks.

"A good result, but one that still has a lot of room for improvement. This figure still needs to increase significantly. Because it currently means that 46 percent have not yet taken appropriate security precautions."

Alexander Ziesemer appeals to the companies.

Currently, 20 percent of those surveyed have concepts for securing Internet-of-Things-supported processes. Here, too, DSAG board member Ralf Peters sees a need for action on the part of both companies and SAP:

"Internet-of-Things projects require an end-to-end security architecture or corresponding control models. Appropriate solutions are needed for both."

Graphic Security Survey DSAG

Cloud work order

SAP initiative continues to be called for with regard to cloud computing. More than half of the respondents (55 percent) have connected SAP systems to a cloud and call up corresponding functionalities directly via the Internet.

There is broad agreement (87 percent) that cloud solutions require different, special security strategies and concepts. In addition, 81 percent see a very great or great challenge in integrating SAP cloud products into their own security concepts.

"From this, we derive the requirement for SAP to continue working intensively on the security of cloud products, e.g., through uniform identity and authorization management integrated into the processes"

Ralf Peters summarizes the facts.

Top Topic Interfaces

In this context, it is worth noting that the cloud issue is currently still secondary for the respondents.

"Currently, interface security, SAP security policies, and training to raise awareness of the issue across all levels of the organization are rated as primary.

For example, security training on SAP-relevant content is on the agenda of only twelve percent of the companies surveyed so far."

comments Alexander Ziesemer.

avatar
E-3 Magazine

Information and educational outreach by and for the SAP community.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.