Beware of the gap!
“[…] If you’re not thinking holistically, not looking at a system-wide approach to SAP cybersecurity, you’re just not doing enough.”
Security. This word is misunderstood more often than it is understood. And this issue stems from a lack of understanding of the threat environment. The threat, in any form, strikes from unforeseen and seemingly innocuous sources. The World Wide Web is replete with such stories. However, the sad truth is that despite increasing awareness, security breaches are increasing at an almost equal rate the world over.
The problem begins with perception
That is right. The inability to perceive a threat is the first symptom of systemic weakness. And this inability stems from the nature of business today, which is expansive and inclusive, making it imperative to break down siloed departmental functions and share data beyond the secure boundaries of your SAP landscape.
Technically speaking, this view also extends to securing systems and sub-systems, such as SAP’s HANA, ECC, and S/4 HANA, and non-SAP ones, but not as a whole (as a ‘system of systems’). This is where the threat lies, as data is increasingly exchanged between these systems by users and by protocol-governed machines.
Josh Greenbaum in his article ‘SAP, Cybersecurity and You’ states this in no uncertain terms, “…if you’re not thinking holistically, not looking at a system-wide approach to SAP cybersecurity, you’re just not doing enough. This means looking at how your SAP systems interact with each other, and how they interact with the outside world—and that means you need to expand the scope of what you consider to be SAP cyber security today”.
What this essentially means is that when considering data security, it is necessary to consider every single element in the ecosystem – human and machine.
Two worlds. One view.
Over the decades, the business world has come to suffer from a multiple personality disorder. While business and its drivers form one world, operations form another, distinct one. Technology, which is supposed to bridge both, has incidentally (rather logically) become a distinct third due to its unique needs. But for the sake of this argument, let’s just consider Business and Technology.
Greenbaum is in line with this perception when he states that IT “needs to take into consideration a mix of new SAP on-premise systems, older SAP on-premise systems, new SAP cloud properties, and, of course, a similar mix of non-SAP systems, both cloud, and on-premise.” However, the business needs to be aware of this reality too, and in sync with it. Today’s business landscape is a galaxy of myriad types of stakeholders: employees on the rolls, contract employees, and vendors. All of them must be sensitized to data security. User policy implementation, training, and keeping constant tabs on individual employees are necessary to ensure that data security is given priority.
Data security – The SECUDE way
SECUDE believes that while SAP has, over the years, made its ERP boundaries robust, a small keyhole is still open, and that is all it takes to let vulnerable customer data or priceless IP slip out. This is typically the gap of unmonitored portholes through which data leaks occur, whether through innocent or malicious intent.
SECUDE has a way to plug this gap.