Skip to content

How Organizations Can Optimize SAP Security Amid a Changing Threat Landscape

In our latest episode of the IT Unfiltered Podcast, Michael “MJ” Johnson, Director of SAP Solutions at American Digital, and Aiden Walden, Director of Public Cloud Architecture and Engineering at Fortinet, discussed some of the largest security threats they’ve noticed with SAP customers and what organizations can do to mitigate risk.

During the broadcast, the two had an in-depth conversation on the changes that have been made within our modes of work, with access now granted to employees working from home and across various devices along with extranet and public connections that come into SAP and transmit things like purchase orders and invoicing. This combined with other factors have notably altered the threat landscape.

But SAP customers can do a lot to guard against new threats. For instance, there are possibilities at the network layer to mitigate application-layer attacks, such as the implementation of virtual patching to fill that gap. Beyond this, consider a layered defense approach, with security established at various choke points coming into the infrastructure. Organizations also need a method for differentiating that traffic while still maintaining an optimized user experience. To this end, they’ll want to better understand benign anomalies versus malicious attempts. They’ll also want to identify security points that might protect applications in lieu of patching systems. One can filter a privilege escalation issue, for example, from contaminating one space to another.

The two also discussed a more holistic approach to sealing gaps, one focused on business intent while aligning SAP Basis administration with network security. This type of approach offers a stronger security baseline understanding of each application and user. It also offers opportunities to prevent a privilege escalation that might allow one user to access an application and hop to the database. Furthermore, it might aid organizations with the implementation of more appropriate segmentation along with a policy framework that’s intelligent enough to identify application type and, if certain activity is abnormal, block it. This change in approach can be challenging in organizations that are more siloed in their processes and requires buy in from all teams. When it comes to SAP, a security policy shouldn’t be viewed as one-sized-fits-all but, instead, one that’s dependent on the applications that are being pushed into any given environment. It’s a policy that will need to adapt over the course of its lifecycle as the environment grows and as different factors come into play. We’ve seen some organizations adopt this way of thinking, and although this shift can be challenging to adopt, the entire organization benefits. 

Moving forward, great opportunities exist for applying deep learning and AI to the SAP environment, helping organizations continually fine-tune. Advances are also being made with operationalizing data, workflow automation, and threat hunting. American Digital and Fortinet are great resources for clients that need assistance with their security protocol. Tune into the full conversation by listening to the American Digital IT Unfiltered Podcast on your favorite podcast player.

Back To Top