10 Tips for Securing Your SAP Implementation
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
Companies can’t afford downtime, for even minutes, yet they often leave their most critical business infrastructure components at risk and open to attack or misuse. The widely used SAP platform appears to be no different in this regard.
According to a recent Ponemon Institute report, companies reported, on average, at least two breaches related to their SAP platform in the past 24 months. It is a little secret many companies don’t share publicly, and an under-documented situation that rarely makes the news.
Why aren’t companies taking this seriously?
Are they worried about the downtime associated with implementing security changes?
Or have they simply not considered the risk involved, and therefore haven’t taken the step-by-step actions required to begin mitigating that risk?
In this collection of slides, we review 10 actions organizations can take to improve their security posture as it relates to their SAP platform and applications. Some of these tips will be obvious to the information security professional responsible for traditional mobile, desktop, and server security; but the tips need to be applied to their SAP implementation as well.
Note: The team at imsmartin would like to thank Onapsis and the Ponemon Institute for their contributions and research that led to this collection.
Cyber risk extends well beyond deploying the latest patches. In fact, risk also comprises the following three items: reducing vulnerabilities and exposure; managing access control and limiting permissions; and meeting other policy/compliance requirements.
Some initial steps can be taken to get a grasp of the risk your organization faces in these four areas:
Vulnerabilities: Start performing a vulnerability analysis of your SAP systems to identify the number and types of vulnerabilities that exist on each system.
Permissions: Make sure you know who has critical and sensitive permissions on your SAP systems and to your SAP data. For those who truly require those permissions for their role, enable monitoring to capture when those permissions are used (or abused).
Compliance: Start auditing the SAP systems against your existing compliance frameworks (internal and external) to determine the compliance gap.
Visibility: Provide those who require it with visibility into the current state of risk for your SAP systems.
Administrators often introduce configuration changes in order to ensure that a process or one-time activity works as expected. However, these changes are not always reversed, leaving others able to repeat the activity, often bypassing any alarms that would otherwise be triggered.
Organizations should implement weekly -- or even daily -- configuration scans to identify when configuration changes are performed. Analyzing the changes can identify exposure that a change has introduced and that reduces the security of the system.
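One way to turn daily configuration scans into a list of temporary changes that were never reversed, shown as an added example that is not part of the original slides. The parameter names are standard SAP profile parameters, but the baseline, scan dates and values are constructed for illustration, and the function names are hypothetical.

```python
from datetime import date

# Constructed sample data: an approved baseline and three daily scans of
# profile parameters. Values are illustrative, not recommendations.
BASELINE = {
    "login/min_password_lng": "12",
    "login/fails_to_user_lock": "5",
    "login/no_automatic_user_sapstar": "1",
    "rdisp/gui_auto_logout": "900",
}
SCANS = [
    (date(2024, 3, 1), dict(BASELINE)),
    (date(2024, 3, 2), {**BASELINE, "login/fails_to_user_lock": "0",
                        "rdisp/gui_auto_logout": "0"}),
    (date(2024, 3, 3), {**BASELINE, "login/fails_to_user_lock": "0"}),
]


def diff_snapshot(baseline, current):
    """Return {param: (expected, actual)} for every deviation from baseline.
    A parameter missing on either side is reported with None."""
    drift = {}
    for key in baseline.keys() | current.keys():
        expected, actual = baseline.get(key), current.get(key)
        if expected != actual:
            drift[key] = (expected, actual)
    return drift


def unreverted_changes(baseline, scans):
    """Walk scans in date order and return the deviations still open at the
    last scan, with the date each was first seen. Reverted changes drop out."""
    open_since = {}
    for day, snapshot in sorted(scans, key=lambda s: s[0]):
        drift = diff_snapshot(baseline, snapshot)
        # Forget deviations that this scan shows were put back.
        for key in list(open_since):
            if key not in drift:
                del open_since[key]
        for key, (expected, actual) in drift.items():
            first_seen = open_since.get(key, (day,))[0]
            open_since[key] = (first_seen, expected, actual)
    return open_since


if __name__ == "__main__":
    for param, (since, want, got) in unreverted_changes(BASELINE, SCANS).items():
        print(f"{param}: expected {want}, found {got}, open since {since}")
```

In the sample data the logout timeout is changed and restored the next day, so only the lockout setting is reported as still open.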
Separation of Duties (SoD) is easily enforced at the time an account is created. Over time, however, operational and organizational changes can allow SoD scope to creep and violations to occur, oftentimes unbeknownst to the SAP admins. Daily or weekly analysis of the states of separation can prevent accidental or sometimes deliberate damage to systems or loss of data.
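A periodic SoD check of the kind described above, as an added example that is not part of the original slides. It replays an assignment history to find conflicts that crept in after account creation. The users, duty names, conflict matrix and history are constructed, and the function name is hypothetical.

```python
from datetime import date

# Constructed conflict matrix: duties one person should not hold together.
CONFLICTS = [
    frozenset({"maintain_vendor", "release_payment"}),
    frozenset({"create_user", "assign_role"}),
]

# Constructed assignment history: (date, user, action, duty).
HISTORY = [
    (date(2023, 1, 10), "alice", "grant", "maintain_vendor"),   # clean at creation
    (date(2023, 1, 10), "bob", "grant", "release_payment"),
    (date(2023, 6, 2), "alice", "grant", "release_payment"),    # cover for bob, never removed
    (date(2023, 9, 15), "carol", "grant", "create_user"),
    (date(2023, 9, 20), "carol", "grant", "assign_role"),
    (date(2023, 10, 1), "carol", "revoke", "create_user"),      # conflict resolved
]


def sod_violations(history, conflicts):
    """Replay grants and revokes in date order. Return
    {(user, conflicting_pair): date_introduced} for every conflict that is
    still open after the last event."""
    held = {}         # user -> set of duties currently held
    open_since = {}   # (user, pair) -> date the pair first became complete
    for day, user, action, duty in sorted(history, key=lambda e: e[0]):
        duties = held.setdefault(user, set())
        if action == "grant":
            duties.add(duty)
        elif action == "revoke":
            duties.discard(duty)
        else:
            raise ValueError(f"unknown action {action!r}")
        for pair in conflicts:
            key = (user, pair)
            if pair <= duties:
                open_since.setdefault(key, day)   # keep the first date
            else:
                open_since.pop(key, None)         # resolved or never present
    return open_since


if __name__ == "__main__":
    for (user, pair), since in sod_violations(HISTORY, CONFLICTS).items():
        print(f"{user}: holds {sorted(pair)} together since {since}")
```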
Logging for the sake of logging helps no one (except storage providers). But intelligent logging ensures that meaningful information is captured. Combining the right sets of logs with intelligent log analysis ensures that actionable information can be reviewed and escalated as soon as it is gathered and as soon as risks or incidents are identified.
Many breaches start with an internal employee who then opens the way for an external attacker to get in. Be sure to monitor your logs to track user activity and to look for anomalies in user behavior.
Reacting to events is key, so strive to achieve notification of significant security events within your business as close to real-time as possible. Quickly identifying these incidents in critical applications can ensure that breaches are contained and that the scope of their impact is reduced.
Having constant and near real-time visibility into known risks in your SAP environment, as well as active threats attacking them, is critical to ensuring you have a mature and enterprise-ready SAP security platform. Consider the combination of scheduled audits, ad-hoc audits, and real-time monitoring to establish and maintain the best picture possible.