SAP Security: Playing it safe as best you can


In a digital business world, the goal can only be to protect the most relevant processes and systems against cyber attacks as well as possible, so that the business can operate securely. Companies that take this on quickly arrive at their SAP systems. These are particularly worth protecting because they usually form the IT core of production. It therefore makes sense to start with the ERP system when it comes to cyber security.
But companies quickly come up against the first hurdle: Which components, data or processes in the SAP ecosystem form a suitable starting point? The question is tricky because many companies do not know which processes exist and how they are mapped on the software side. This kind of shadow IT quickly becomes a major problem, especially in terms of cyber security. This is why companies first need to get to know their own SAP system landscape in detail before they define security goals and purchase suitable software solutions.
SAP security includes three scenarios
It is advisable to focus on three scenarios: Intranet security, Internet security and API security. In the first case, the focus is on the company's own SAP users. Companies should find out which employees actually work with the ERP system and which user-specific privileges, if any, they have, as administrators and finance experts do, for example. Only then can they define these users' rights and protect their devices in a targeted manner. The control options for Internet security are much more limited. Here, Internet access must be secured at the application level, regardless of whether the company's own employees or external users such as customers and partners use a Web-based application, and regardless of how conscientiously companies use options such as strong passwords or multi-factor authentication. The third area covers the security of interfaces through which data is made available, for example to partners.
Integration of SAP and detection solution
Only after companies have done this preliminary work is it advisable to look at tools. Ideally, companies should choose a modular solution. For example, a combined security platform based on Azure Cloud and Azure Sentinel has proven itself. The SAP Connector for Microsoft Sentinel connects the ERP system with the detection solution, regardless of whether companies operate their SAP systems in the data center or in the cloud. The connector can be linked to 16 log sources and consolidates data from complex SAP landscapes so that it is available for targeted processing and meaningful analysis in Sentinel, the SIEM (Security Information & Event Management) system. SAP and Microsoft have predefined around 100 use cases for this purpose, which companies can adapt as required or extend to include their own security scenarios. Sentinel evaluates the data received and generates appropriate alerts in the event of anomalies. This enables companies to scale the SIEM tool individually and to partially automate responses to alerts (Security Orchestration Automated Response, SOAR).
Professional qualification is decisive
In addition to technology, qualified experts are also needed to ward off threats. Developers bring together the technical components, develop them further, and thus optimally prepare both detection and response. The goal is to detect unauthorized access via various endpoints, from the Internet, or via the network, and to trigger alarms automatically. Companies should also obtain professional Managed Detection and Response (MDR) services. Experienced security experts and data analysts with specialist knowledge monitor and evaluate incoming alarms in a Security Operations Center (SOC). Depending on the threat situation, predefined measures are automatically set in motion: blocking user accounts, disconnecting the system from the network, stopping booking, or similar. In the event of critical cyber attacks, the SOC initiates an individual incident response. In this way, companies have done their utmost to protect their SAP systems against hacker attacks and to operate their business without restriction.
Would you like to learn more about the SAP Connector for Microsoft Sentinel and the world's first and only MDR service specifically for SAP? Then register under arva.to/sapdigital22 for Timo Schlüter's presentation on SAP security.

