The global and independent platform for the SAP community.

Safety begins with the design of the infrastructure

Due to the increasing number of cyberattacks, business-critical applications like SAP need more protection than ever. It doesn't start with the applications, but with the design of the infrastructure.
Bas Raayman, Nutanix
June 10, 2020
It Security
avatar
This text has been automatically translated from German to English.

Vulnerabilities are the viruses of today. They are even more dangerous. This is because they allow cyber criminals to silently infiltrate a network and IT environment, penetrate the crown jewels and ultimately steal valuable intellectual property, blackmail the board of directors or paralyze business operations and production.

We rarely hear about successful attacks. For reputational reasons, many companies prefer to keep a low profile and are even prepared to pay millions to cyber extortionists.

Existing SAP customers are aware of the risk; after all, their SAP systems are the heart of the company. They therefore invest in traditional security software to ward off the dangers of cyber threats in advance.

This protection is extremely useful and effective, but it is not enough. On the one hand, unknown security gaps cannot be shielded by definition; on the other hand, it often takes weeks and months in large SAP landscapes before security updates are installed to close the gaps.

In addition, the boundaries between IT security and legal security are becoming blurred due to an increasing number of ever more demanding rules and regulations - the EU GDPR and SOX should definitely be mentioned in this context.

Precautions that serve to increase the traceability of changes to system configurations and primarily fulfill legal requirements also make a valuable contribution to greater IT security.

These challenges can be met with a triad of the right infrastructure for SAP landscapes, a high degree of automation, which starts with the design and programming of this infrastructure platform, and a security ecosystem.

Updating security mechanisms in a conventional three-tier architecture takes a long time and is expensive due to the large number of manufacturers involved and the differences in their technologies.

However, if an IT infrastructure is completely virtualized and controlled exclusively by software, this effort can be significantly reduced. Even in large and very large SAP landscapes, security updates are possible within hours or a few days instead of weeks or months as was previously the case.

Software-controlled infrastructures also have the advantage that security can be implemented in them as an equal functionality alongside all others. They represent the entire process of security-oriented development.

This ranges from the design and deployment of the software through to testing and additional "hardening" and is known in technical jargon as the "Security Development Lifecycle" (SecDL).

Furthermore, security gaps in such infrastructures can be identified and closed largely automatically. The implementation of security guidelines, known as Security Technical Implementation Guides (STIGs), is particularly useful for this purpose.

Software-controlled infrastructures also help to track and secure the integrity of database configurations. But let's be honest: even the best infrastructure software cannot guarantee 100% protection.

This is why connectivity to third-party solutions via open application programming interfaces (APIs) is a must. This applies in particular to the areas of encryption key management, endpoint security and microsegmentation.

Absolute security is impossible. But with the right infrastructure, the attack surface in SAP environments can be significantly reduced and the time from the discovery of a security vulnerability to its closure massively shortened.

avatar
Bas Raayman, Nutanix

Bas Raayman is Sr. Solutions Architect at Nutanix


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.