What happens in the cloud?

More and more companies are using cloud infrastructures, but they are not the only ones. The sophistication of attacks on the software supply chain has increased.
Lothar Geuenich, Check Point Software Technologies
February 27, 2023
This text has been automatically translated from German to English.

Open source is the IT Achilles heel of the software supply chain

From the SolarWinds software supply chain attack to the disclosed Apache Log4j vulnerability, threat actors are increasingly targeting critical vulnerabilities in both cloud providers and the supply chain. However, enterprises are increasingly reliant on cloud computing platforms, with 35 percent of all companies running more than 50 percent of their workloads on Microsoft Azure, AWS and Google Cloud. The problem: Many of them struggle to secure their infrastructures across multiple cloud platforms. At the same time, they have to cope with the skills shortage and, on top of that, the number of cloud security incidents has increased by ten percent year-on-year. This is because cybercriminals have also moved their supply chain attacks to the cloud.

NotPetya

Currently, the greatest risk to the enterprise supply chain comes from open source software. The open source community provides many modules and packages that are used around the world, including by companies within the supply chain. However, the problem with open source software is that it is inherently insecure. This is because it is written by individuals, some of whom lack the expertise or budget to secure it.

This creates a gap in the security architecture, because imported open source packages can have dependencies that IT is simply not aware of. This is exactly what happened with NotPetya: NotPetya is an evolution of a malware chain that managed to infiltrate systems around the world by relying on widely available open-source accounting software. As a result, it spread like wildfire, causing chaos in Ukraine as well as several major countries, including the UK, France, Germany, Russia and the US. The ubiquity of open source software and code means it can be difficult for companies to find out if they or their suppliers are vulnerable to attack. This makes supply chains an attractive target for cybercriminals because they know that by penetrating one system, they can quickly access many more.

DevSecOps

All cloud platforms have vulnerabilities, no matter which provider is chosen. IT managers can do research and draw on the best experts in the industry, but they cannot control the full security of the chosen provider's platform. Still, companies can take the following to heart to protect themselves: Enterprises tend to build security as a single checkpoint, and attackers will try to circumvent it. A security implementation that assumes the first layer could fail and therefore enforces multiple layers has a greater chance of surviving a sophisticated cyberattack. To keep the virtual doors to their network firmly shut, organizations should automate DevSecOps. This ensures that security measures can be carried out in real time and in line with other business objectives.


Lothar Geuenich is VP Central Europe at Check Point Software Technologies

