The global and independent platform for the SAP community.
Cover story 21-06, MAG 21-06

Valuable but unprotected

Many existing SAP customers have a treasure trove of data in their R/3, ECC 6.0 and legacy databases. Partly for legal reasons, these systems must continue to be operated despite high security risks.
Peter M. Färbinger, E3 Magazine
May 27 2021
Content:
avatar
This text has been automatically translated from German to English.

The C-level in security and risk management must take several trends into account in order to enable a rapid reorganization of their company. According to the research and consulting company Gartner, this is due to the accelerated digital transformation of companies and challenges in the area of cybersecurity.

Peter Firstbrook, Research Vice President at Gartner, said: "The first challenge is skills shortages. 80 percent of organizations say they have difficulty finding and hiring security professionals. 71 percent say that this also has a negative impact on the implementation of security projects in their company."

Legacy systems and data treasures

The IT departments of companies maintain and operate a large number of legacy systems, even if in the vast majority of cases the specialist users have not had access to them for many years. This is especially true for existing SAP customers with their heterogeneous system and application landscapes that have grown over many years and release changes.

The reason for this unsatisfactory situation is simple: from a legal perspective, the legacy data stored in or linked to the legacy systems and applications must be stored in their original structure for many years, sometimes even for several decades, in an audit-proof manner.

From an IT security perspective, this is a manageable problem as long as the legacy systems and databases are disconnected from the corporate network. However, the problem is that companies lose their most valuable treasure and advantage over digital newcomers: their intellectual property on customers, products, services, suppliers, etc. acquired over decades - a treasure that the challengers cannot have!

The starting point for better security is greater visibility in the data structures. Companies often don't even know which detailed components they have in their master data, which software versions they use, which data they exchange and which external connections to third-party companies might exist. But you can't protect what you don't know.

Knowledge of the software versions used, databases, communication relationships, external access and much more is the basis of any cybersecurity strategy. Experts recommend a cybersecurity framework that consists of four steps: Analyze, Assess, Implement and Secure. Awareness has increased in recent years and companies are motivated to do more for security.

However, companies often feel overwhelmed and do not know where to start. This calls for a structured approach that provides the company with orientation. The existing SAP customer needs a security concept, technical and organizational solutions. This is not about maximum security, but about the right security for this company.

More and more companies are therefore starting to dig up their treasure trove of data again with appropriate concepts. However, what is an obvious way to secure the future and strengthen their own competitiveness through digital transformation is turning out to be a problem when it comes to security.

This is because many of the legacy systems that need to be accessed frequently and by specialist users are outdated and at least some of them are already out of maintenance. The cost of modernization and patching can therefore generally no longer be justified from a business perspective, if it is technically possible to do so at all.

Cybercrime and the pandemic

On the other hand, the associated risk cannot be reasonably justified either. Cyber criminals are also hungry for this treasure and are already stepping up their attacks for all to see, to the detriment of companies. They therefore need a flexible solution that can help them achieve all their goals at the same time: Legal security, comprehensive access to intellectual property and risk minimization through regular patching and the use of modern software.

This requires a new approach that removes intellectual property from legacy systems and databases and makes it available in a legally compliant manner together with its business context in its original format on a modern platform that can be patched at any time. What companies need is the JiVS IMP information management platform.

Gartner has identified the key technology trends that can accelerate digital innovation and optimize or transform services. The trends arise from the challenges posed by the pandemic and the need for flexible operating models that support significant change.

[adrotate banner="290″]

avatar
Peter M. Färbinger, E3 Magazine

Peter M. Färbinger, Publisher and Editor-in-Chief E3 Magazine DE, US and ES (e3mag.com), B4Bmedia.net AG, Freilassing (DE), E-Mail: pmf@b4bmedia.net and Tel. +49(0)8654/77130-21


All articles of the author

Write a comment

Success factor holistic process approach

SAP is at an all-time high and pushing into the cloud

Audit risks: Oracle Java usage

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.