by Robert Holland, VP Research and Publishing, SAPinsider
On May 4, SAP announced that, while performing regular internal reviews of the company’s cyber security infrastructure, they discovered several of the company’s cloud products “do not meet one or several contractually agreed or statutory IT security standards.” SAP stated that the products impacted were part of previous acquisitions, specifically SAP SuccessFactors, SAP Concur, SAP Commissions (previously CallidusCloud Commissions), and SAP CPQ (previously CallidusCloud CPQ). However, SAP’s statement also indicated that SAP C4C/Sales Cloud, SAP Cloud Platform, and SAP Analytics Cloud were affected, possibly indicating a larger underlying infrastructure concern.
In the official announcement, SAP emphasized that these issues were “not identified in response to a security incident” and that they “do not believe that any customer data has been compromised as a result of these issues.” In addition, SAP expects that correction of the issues will “largely be completed” during the second quarter of 2020, and that any related costs will be covered within their current financial outlook for the 2020 fiscal year. SAP also plans on updating their security-related terms and conditions so they are consistent with other enterprise cloud organizations.
SAP’s statement indicated that they would be reaching out to any customers affected by the issues individually to inform them of the issue and support them while those issues are being addressed. Those impacted represent “approximately 9 percent of SAP’s 440,000 customers,” according to the company’s announcement. While not a huge number compared to SAP’s overall customer base, this number likely represents a significant proportion of those customers running the impacted products.
While waiting to hear from SAP whether they are impacted by these cyber security gaps, SAPinsiders should use this time to reflect on their own cyber security strategy. Here are some steps that can benefit your organization:
Following this guidance should help the SAPinsider Community make appropriate decisions around their cloud and enterprise security plans.
Robert Holland, Vice President of Research & Publishing, SAPinsider, can be reached at robert.holland@wispubs.com.
Your request has been successfully sent
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.