Before I started in security, I spent a few years helping organizations transform their business with SAP solutions. Since then, it has been great to watch these mission-critical applications opening to customers and partners and the SAP stack opening to cloud and virtualization technologies…there are so many new opportunities to improve business agility and reduce cost to deploy and manage.
Looking now from a security lens, I see a new need to help organizations transform their business – by educating on the options to secure these mission-critical applications so security becomes part of the solution and not a barrier to change.
The good news….you have options.
Given the type of sensitive data – HR, financial, customer – stored in SAP systems, it is expected that managing security risks would be top priority regardless whether you are deploying in a physical, virtual or cloud environment.
Of course, security is also a top priority for SAP. This means security for SAP solutions is continually improved through native enhancements and third party solutions. Together with SAP, there are solutions from certified partners like Trend Micro to make sure enterprise solutions are better able to defend against malware, denial-of-service attacks, cross-site scripting and other advanced and targeted attacks.
Now you need your “security checklist”
The key to security success as you open SAP apps to customers and partners and move to virtual or cloud environment, is to know what questions you should ask when coming up with your security requirements. Knowing your security needs up front will ensure it is part of the transformation – not a barrier or afterthought.
Here are three top-of-mind questions to start with as you develop your SAP security requirements:
1. What are my security risks? Are you improving your ability to respond to customer feedback by moving customer applications to the cloud? Are you improving supply chain efficiency by opening up an application to provide more visibility or communication with partners?
With business systems in general increasingly being web accessible, attackers can more readily target and exploit vulnerabilities in operating systems, web servers and the business applications themselves. Despite the availability of vendor-supplied patches, all web-facing systems remain at risk if patches are not applied on a timely basis. And the growing prevalence of zero-day exploits makes it difficult to stay ahead of the latest threats.
Each business scenario will have an implication for security and you just need to make sure you know what risks you have to deal with so you define the right list of security requirements. This is not an exercise unique to SAP applications. Because of the mission-critical nature of SAP applications, I just think it becomes more important than ever to arm yourself with information so you can put the right solution in place.
2. Does my security integrate with my SAP environment? Beyond security coverage, ensuring your security solution has the right “hooks” into your environment is important to make sure it complements native security from SAP and fits with how you want to manage and scale your SAP system. SAP provides capabilities like the SAP Virus Scan Interface (VSI) as part of SAP NetWeaver ® to allow certified third parties, like Trend Micro, to augment native security capabilities.
3. What are the security requirements for my environment? Cloud and virtual environments each introduce unique requirements for security. Understanding how your security solution is optimized for those environments is critical to make sure you can easily manage security and reap the expect cost, performance and agility benefits. We have worked with thousands of customers to secure their virtual and cloud environment and have added optimizations for environments like VMware and Amazon Web Services (AWS) to support those unique requirements. For those who might be considering SAP on AWS, here are some best practices we recommend you consider.
The bottom line
Don’t let security slow you down as you evolve your SAP system. Make sure you understand the unique requirements for the environment that best fits where you want to take your business so security becomes part of the solution.SAP, SAP NetWeaver and all SAP logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries. All other product and service names mentioned are the trademarks of their respective companies.