Insights for Your Emerging SAP Security Strategy

Security is at the forefront for many IT leaders and their technical teams. Between regulations such as GDPR and mounting cyberattacks, most enterprise businesses want to know that they are doing the right things on a daily basis to protect their critical assets.

SAPinsider had the pleasure of sitting down with key leadership from SAP security company Onapsis last week. The discussion ranged across many topics, from the state of SAP software and enterprise security to Onapsis’s recent acquisition of Virtual Forge and its impact on the SAP customer base.

Here are some of the highlights of our discussion:

• • SAP S/4HANA and cloud security are among the hottest security topics for SAP customers. It’s not so much that either of these platforms are inherently insecure, but every new application — particularly one that hosts your data or application on a public network — must be scrutinized. Onapsis is seeing a lot of customer interest in assessments, research, and updates related to SAP S/4HANA and cloud security, and is fielding a lot of requests to examine the security impact of SAP Fiori.

• • The recent acquisition of Virtual Forge provides new, integrated options for SAP customers. “This acquisition made so much sense from a customer and product portfolio perspective. There is very little overlap for us in product, functionality, and customer base,” said Juan Perez-Etchegoyenk, CTO at Onapsis. The newly combined company now has over 300 employees and reach into both the North American and European markets. Most important, its new product portfolio has an increased technical depth, extending down into the custom code and interface levels. Early customers have found comfort in now being able to go to just one vendor.

• • A proactive mindset separates leaders from laggards in the enterprise security spectrum. We had a lively discussion about the meaning of maturity when it comes to enterprise security and, in particular, managing the security of your SAP landscape. In our combined conversations with SAP customers, we theorized that those on the leading edge take a much more proactive approach to potential security threats and vulnerabilities than those just firefighting as the need arises. SAPinsider will be researching this topic in depth in our upcoming research report on enterprise security maturity.

As you continue to ponder your own security strategy and where your organization may be on the enterprise security curve, here are a few things to consider:

• • Do not underestimate or underexplore security as part of your upcoming migration and IT projects. Companies like Onapsis and SAPinsider are hard at work trying to understand potential vulnerabilities as they appear. Leverage these resources to stay informed about patches, integration, and other important security-related topics. While the cloud brings a wealth of benefits, flexibility, and innovation, you have to know how to protect your assets.

• • Understand the integration points. As with any project these days, integration is key. Whether you buy tools from partners such as Onapsis or others, it’s important to understand the scope of what you’re getting and what the tools monitor. No vendor covers it all, and as SAP security becomes more tightly integrated with general information security and cybersecurity efforts, it’s important to know how your tools integrate and feed data to higher-level applications.

With a proactive, comprehensive approach to understanding and addressing the security needs of your SAP landscape, and by leveraging resources such as Onapsis and SAPinsider, you can rest assured that your critical assets remain safe and secure.

Rizal Ahmed can be reached at rizal.ahmed@wispubs.com. Follow us on Twitter at @SAPinsider.