Companies today are dealing with a different type of attack on their IT systems than in the past. Whereas attacks used to be random and unorganized, they are now much more targeted and planned. And it is not only large corporations that have to fear cyber attacks − smaller companies are also increasingly affected and must therefore ensure a high level of protection. Another challenge: Hybrid system landscapes with a combination of on-premise systems and cloud applications are complex in their architecture and therefore particularly complex to protect.
The biggest weak point in cyber security is the user. Attackers repeatedly try to exploit the “human factor” as the supposed weakest link in the security chain and realize their criminal intentions in this way. Social engineering is used to persuade users to install malware or hand over sensitive data. In addition, software security vulnerabilities are also repeatedly used by cyber criminals as a gateway. A lack of security patches and updates, overly broad authorizations and inadequately secured services also have a negative impact on a company’s cyber security.
In view of the serious threat situation, cyber security is to be increasingly improved with the help of legal regulations. Since May 2023, operators of critical infrastructures (CRITIS) in Germany have had to comply with the regulations of the IT Security Act 2.0 (IT-SiG 2.0). The NIS 2 directive of the EU even exceeds the IT-SiG 2.0 in its regulations. All companies covered by NIS 2 are required to implement a range of cyber security measures to protect their IT infrastructure, networks and critical services. EU member states must have implemented the regulations of NIS 2 in national law by October 2024 at the latest.
„Cyber attacks have become an enormous threat to the German economy. According to our findings, one in ten companies therefore sees its existence threatened.“
With regard to cyber security, SAP systems play a special role in several respects. On the one hand, they are a worthwhile target for attackers because they contain a lot of sensitive data (for example, employee data, financial data, and supplier data). Consequently, this data is particularly worthy of protection. Due to the paramount importance of SAP systems for many fundamental business processes, companies are at risk of production downtime, data loss and damage to their reputation if cyber criminals successfully attack them.
On the other hand, due to their complexity, SAP systems offer numerous gateways for attackers that need to be monitored. But how exactly do unauthorized persons gain access to SAP systems? The most popular starting points are standard passwords, poorly secured dangerous services, overly broad authorizations and missing security patches.
The goal of SAP Cyber Security is to protect company-relevant data and information from unauthorized access. The aim is to detect threats promptly so that the period between the attack itself and its detection remains as short as possible. To achieve this, all processes within the SAP systems should be monitored continuously in the background. In this way, conspicuous processes can be detected quickly and appropriate countermeasures can be initiated.
+49 7131 2711-3000
Individual measures are not enough to effectively protect the digital heart of the company in the long term. Instead, a holistic view of cyber security in the SAP environment is required. Only if the SAP security strategy is seamlessly integrated into the company’s general IT security strategy can security threats be minimized and negative consequences for the company averted. Key measures include:
Establishing an SAP security organization with clear roles and responsibilities to initiate and implement security measures in a targeted and effective manner
Defining necessary protection requirements for the SAP landscape
Continuous review and introduction of targeted protective measures
Control of authorizations and accesses in balance between security and business requirements
The ideal strategy when it comes to cyber security is to take a two-pronged approach by effectively combining preventive measures with continuous system monitoring. Preventive measures form a fundamental part of the SAP security concept because they make an external attack as difficult as possible. In the best case, attackers are not even able to overcome the security hurdles and penetrate the SAP system landscape to cause damage. The most important preventive measures include, for example, tailored authorizations and a clear role concept.
Despite all these precautions, attackers may still be able to bypass security measures and gain access to systems. With the help of so-called SIEM solutions (SIEM = Security Information and Event Management), companies create the technical prerequisites for detecting, analyzing and defending against hacker attacks. Permanent monitoring improves security, identifies anomalies and suspicious activities, and thus detects threats to cyber security.
The OSI model (also called ISO/OSI layer model) is a reference model to describe the communication between systems. It is composed of seven different layers, each of which fulfills its own tasks. Threats to security can occur in any layer of the model. Therefore, with respect to cyber security, each layer must be secured on its own to prevent potential intruders from gaining access to the entire system. Network intrusion and data compromise can become an existential threat to organizations.
The biggest threat to the physical layer is the disruption of electrical signals transmitted between network nodes. This happens, for example, through the cutting of cables, natural disasters where floods cause short circuits, or human vandalism.
To avoid outages, companies use multiple network lines. Likewise, it is recommended that all core elements of the network, such as servers and storage, be housed in different redundant cloud data centers.
The data link layer ensures the reliable transmission of data over a physical connection. Measures for higher security primarily start with improving port security. Switches are configured to limit the ports that can respond to DHCP requests. Additional protection is provided by installing intrusion detection systems (IDS).
Routers are the most common gateway into the network layer. Attackers cause an overload of the router by bombarding it with requests so that it can no longer accept genuine requests.
The most effective protection against this is consistent adherence to router, firewall and switch configuration best practices. The router operating system should always be up to date. It is also advisable to block all unused ports and disable unused services and interfaces. Other protective measures include regular audits of unusual activity and encryption of all switch traffic.
Transport Layer Security (TLS) secures all communication between web servers and browsers. TLS is a cryptographic protocol for end-to-end communications security over networks, used for internet communications and online transactions. This is intended to prevent eavesdropping, reading, and forging of messages on the transport layer.
The session layer manages the establishment and termination of the connection between communicating end devices and thus ensures process communication between two systems. A connection is maintained while the two endpoints are talking to each other. Regular version updates and patches for the hardware are used to eliminate existing or potential vulnerabilities in terms of security.
The most common threats on the presentation layer are manipulated SSL requests. Attackers use SSL to tunnel HTTP attacks and attack the server. Effective protection requires high effort, as SSL encryption checking is extremely resource-intensive.
The application layer is the interface to the users, who make contact with the network here. The users represent the greatest vulnerability in the entire network and often serve as a starting point for attackers to gain access to the network. Attacks are typically carried out with viruses, worms and Trojans, as well as via program vulnerabilities or security holes in the applications.
Accordingly, the application layer is difficult to protect. The most important security measures include firewalls and secure web gateway services. Application monitoring using special algorithms should be an important part of the security concept.
Identity lifecycle management is part of enterprise security and describes all processes for assigning roles and authorizations − from when an employee joins the company, through changing responsibilities or even department changes, to when he or she leaves.
SAP Identity Management focuses on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion.
SAP Access Control is a product for identifying risks, minimizing risks, and automating workflows. The focus is on the traceable management and consistent distribution of users and authorizations throughout their lifecycle.
SAP Single Sign-On enables end-to-end authentication against SAP and non-SAP applications. Central management of access data increases security, as only one user ID is required for all applications.
SAP Cloud Identity solutions enable authentication (IAS), single sign-on (SSO) and provisioning (IPS) against SAP cloud systems. Especially in hybrid system landscapes, they ensure complete integration.
Authorizations in SAP systems grant users access to the applications they need to perform their activities. In order to map the processes securely and correctly, SAP authorizations must be subject to regular control and post-processing.
With SAP Enterprise Threat Detection (ETD), companies protect themselves effectively against cyber threats. The software provides a detailed overview of suspicious activities in SAP landscapes and detects breaches as they occur. This enables companies to neutralize threats at an early stage.
The tools of the SECMENDO product suite extend the capabilities of existing SAP Identity & Access Management (IAM) solutions. The goals are an improved user experience, enhanced functionality and more efficient processes.
Simply complete the form and submit it. We look forward to your inquiry and will contact you as soon as possible.