Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.

Sean Martin, CISSP | President, imsmartin

April 23, 2016

11 Slides

Companies can’t afford downtime, for even minutes, yet they often leave their most critical business infrastructure components at risk and open to attack or misuse. The widely used SAP platform appears to be no different in this regard.

According to a recent Ponemon Institute report, on average, companies reported at least two breaches in the past 24 months related to their SAP platform -- a little secret many companies don’t share publicly -- and an under-documented situation that barely tends to make the news.

  • Why aren’t companies taking this seriously?

  • Are they worried about the downtime associated with implementing security changes?

  • Or have they simply not considered the risk involved, and therefore haven’t taken the step-by-step actions required to begin mitigating that risk?

In this collection of slides, we review 10 actions organizations can take to improve their security posture as it relates to their SAP platform and applications. Some of these tips will be obvious to the information security professional responsible for traditional mobile, desktop, and server security; but the tips need to be applied to their SAP implementation as well.

Note: The team at imsmartin would like to thank Onapsis and the Ponemon Institute for their contributions and research that led to this collection.

About the Author(s)

Sean Martin

CISSP | President, imsmartin

Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as government, finance, healthcare, insurance, legal, and the supply chain

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights