Virtualization Technology News and Information
SecurityBridge 2023 Predictions: Cybersecurity Wakeup Call - SAP Touches All Mission-Critical Systems


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Cybersecurity Wakeup Call: SAP Touches All Mission-Critical Systems

By Ivan Mans, CTO, SecurityBridge

We have already observed a demand increase for an all-encompassing SAP security strategy, and in 2023 this trend will continue. The silo department approach for SAP security is starting to break down in favor of broader accountability, stretching up to the C-Level suite. Many stakeholders in organizations around the world realize that SAP systems touch all mission-critical software in use. They can no longer turn a blind eye to the fact that one missed patch or malware-disguised PDF can halt the output of many departments worldwide.

For citizens, businesses, and the government, the issue of a society being dependent on networked systems is becoming increasingly apparent. Awareness is now focused on the fact that cyberattacks can disrupt critical infrastructure. This epiphany is stimulating a legislative focus on hardening all mission-critical systems.

Critical Infrastructure refers to businesses or institutions necessary for the general populace. These organizations are governed by extensive SAP systems that must be constantly monitored for abnormal behaviors; if ignored and hacked, sustained supply chain interruptions and other grave consequences are likely to happen. Therefore, appropriate procedures and technologies are necessary for network protection.

Redtape Must Be Removed; Europe's Good Faith Cybersecurity Legislation

The Network and Information Security (NIS) Directive, the first piece of cybersecurity law adopted by the entire EU, has as its primary objective the establishment of a high standard of cybersecurity across all Member States. Although it improved the Member States' cybersecurity capabilities, implementing it proved challenging, leading to fragmentation in the internal market at various levels. The Commission has proposed replacing the NIS Directive to strengthen security requirements, address supply chain security, streamline reporting requirements, and introduce more stringent supervision measures. These measures include unified sanctions across the EU in response to the growing threats of digitalization and the rise in cyberattacks.

In 2023, we see the challenges and fragmentations to unified cybersecurity posed by legislative bodies lessened. The stigma and disruptions caused by inevitable 2023 cyberattacks will help create a unified front. However, an attack that shuts down a major utility-such as the December 23, 2015 cyberattack on Ukraine's Prykarpattyaoblenergo power grid-will force a clear speed-of-security path.

More Companies Trust SAP In The Cloud

There are benefits to moving workloads and apps to the cloud, including eliminating some troublesome maintenance contracts for on-premise hardware and software and freeing up on-site computing resources for other applications you wish to maintain close to home. But as necessary data leaves the building and moves to the cloud, there is a more critical requirement for ongoing oversight and deep operational insights; and SAP security is a crucial component in meeting this requirement. SAP upgrades, S/4HANA migrations, and new SAP system installs are increasingly found more often in the cloud than on-premises. These SAP cloud implementations increase scalability and agility and widen the potential attack surface. In addition, SAP is undergoing a corporate change to become a cloud provider. As a result, many of their new SAP applications are frequently introduced as cloud services and afterward as on-premises solutions.

Next year, the SAP in the cloud trend will quicken its pace, partly due to purpose-built SAP security tools adding the needed layer of protection. However, the fact remains that any organization transferring its applications to the cloud must assume responsibility for the security of its data by implementing its monitoring services. Furthermore, by investing in SAP security solutions-intrusion prevention, detection, and patch management technologies- companies can avoid disputes with their cloud provider on who is to blame for any SAP security breaches.




Ivan Mans is a long time SAP technology consultant, having worked in the SAP space since 1997 - the early days of R/3. In 2012 Ivan co-founded SecurityBridge, and in his current role as CTO, he is a motivated driver, inspires people, and pushes technology that contributes to the continuous innovation of the SecurityBridge Platform. In recent years, Ivan has been a regular speaker at SAP events, evangelizing SAP security.

Published Friday, January 27, 2023 7:37 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2023>