How Secure is your SAP Data?
Source: ISACA White Paper

Cyber criminals are increasingly targeting system landscapes containing SAP solutions. Not because SAP systems are particularly vulnerable — on the contrary, an up-to-date, well-configured SAP system is highly secure — but because SAP systems tend to contain valuable data that is a prime target for exploitation or corruption.

A security breach that exposes critical data has the potential to damage an organization’s business goals, personnel, assets, and reputation. This makes it extremely important to find a way to monitor all of your systems for unexpected and suspicious activities. This article enables organizations to analyze threats and identify critical attacks as they are happening so that appropriate countermeasures can be applied in time to prevent serious harm to the business.

Most of the current problems around SAP security stem from a lack of understanding of why it is critical to implement new, more adaptive security solutions. Many CISOs and their teams have no visibility into their SAP infrastructure, nor do they understand how the connections between their SAP systems are set up.

There is a lack of insight into what SAP teams are doing to solve security issues, and when security leaders ask their SAP counterparts in IT, they receive “old school” answers such as “We have it covered, as we use SAP GRC for access controls and segregation of duties.”

So, what are the top 5 questions that every CISO or security team should ask?

  1. Do we have an accurate inventory of all systems that make up our business-critical infrastructure, including their relevance to the business and the importance of the data they store and the processes they run (i.e. the sensitive information they hold, the key business processes they support, and the number of users they serve)?
  2. Are we currently monitoring SAP systems for application-level attacks? Do we monitor for abnormal user behavior? If so, how?
  3. Does my organization have a documented plan for addressing the increased threat of attacks to these applications?
  4. Do we know if our ERP systems have been attacked in the past? If yes, which logging sources or forensics solutions have been leveraged to detect malicious activity?
  5. Who in our organization would be responsible for a cyber-security breach affecting the SAP platform via an exploit that has been publicly known for several years?

By proactively asking key questions, developing an action plan that is coordinated with the SAP basis and security teams, and implementing an automated monitoring solution, an organisation stands a better chance of being prepared.

The old ways of securing business-critical applications, including segregation of duties, access controls and isolating systems, do not safeguard processes and data. To secure systems effectively, security practitioners need to spend more time educating their CIOs and CFOs that traditional security measures are insufficient and that adaptive security approaches need to be implemented.

Organisations that incorporate SAP vulnerability and compliance assessments into standard security operations will be further along than most other organisations using SAP. Such assessments also provide analysis of the real business impact of an information security breach in the core SAP platform implementation, and help organisations identify existing vulnerabilities affecting their SAP platform (optionally including the network, operating system and database layers).

Organisations can also gain insight into the exposure of their SAP platforms to external or internal attacks, and determine whether their SAP security posture protects against malicious employees (greybox assessment) or anonymous attackers (blackbox assessment).

Peter Benson

Infosec leader, Responsible AI, Data Protection, Cyber-Psychology amateur, providing thought leadership and business strategy. AI Governance Professional (IAGP), ex CISSP Instructor

10 years

SAP specialist security tools are highly recommended for these environments. As a result of the need, Trend Micro has a dedicated SAP agent for Deep Security.
