Cyberattacks are on the rise as threat actors become more creative, geopolitical conflicts escalate, and supply-chain disruptions continue to surge. At the same time, security teams are tasked with sifting through a massive amount of raw data to uncover true threats. As the challenges mount, fatigue is setting in among security teams that must keep facing every cybersecurity and ransomware attack thrown at them.
This is where a third party can cut through all that noise and find the true threats quickly. I recently had an opportunity to sit down with Ryan Throop, executive consultant – Americas Lead SAP Security Services, IBM Consulting, and Nathan Weaver, senior director, SAP Business Unit, Microsoft, on The Peggy Smedley Show to talk specifically about SAP security.
Throop says SAP is a large software company and provides solutions that literally cover all aspects of a business—and there are so many security concepts that need to be covered. Add to this the fact that nearly every large corporation in nearly every vertical market from manufacturing to retail runs SAP, and the need to secure it becomes paramount.
“What we do is we developed a framework called the 13 layers of SAP security that really look at these security challenges from a traditional technical security standpoint, from a compliance and controls perspective, sometimes you see that referred to as governance, risk, and compliance, or GRC, and really in the past couple of years we are focusing based on what our clients are needing and the trend is on SAP cybersecurity,” Throop explains. “Across those three areas that is really what encompasses that broader SAP security space.”
Weaver adds that Microsoft's relationship with SAP runs 30 years deep. In fact, Microsoft often uses itself as customer one.
“Today, we run a huge environment,” Weaver says. “We have a very large SAP system. If you think about it, every Xbox transaction, every Surface device transaction, all of these transactions go through a Microsoft SAP environment running on Azure. We have a vested interest to make sure it is secure, not only for our customers, but also for ourselves.”
Securing SAP
As challenges rise and new technologies such as AI (artificial intelligence) and the edge emerge, leaders need to better understand how to secure SAP. They need solid strategies for keeping the bad actors at bay. So how do they do that? Throop and Weaver have some keen ideas.
“SAP, like IBM, we love our three-letter acronyms. What I am seeing with a lot of our clients is they are inundated with so many new SAP products,” Throop says. “Things like BTP (Business Technology Platform), IAS (Identity Authentication Service), and it goes on and on. And with these new products and technologies, clients aren’t quite sure where to start, and aren’t sure where to put that focus.”
Throop goes on to explain that all of it needs to be secured, but there is an order. “There is an order that we can help put around all of this madness to make sure those highest risk items, those items that we are seeing threat actors show the most interest in, those are the ones we need to look at first, using that risk-based approach.”
Many organizations are keeping an eye on the threat and vulnerability space. As Throop explains, many have a very mature security operations center, but what they often lack is that same level of visibility into the security event logs across the SAP landscape.
Weaver also sees value here. “With Azure, with our Microsoft cloud approach, we have a shared responsibility approach, or a shared responsibility model,” he says. “We have all the tools out there to do pretty much anything and everything you need to. That is why we love working with IBM security with our customers because you need a general contractor or a quarterback that can help really look at the entire landscape soup to nuts to be able to assess and look at that so you have the knowledge.”
At the end of the day, leaders are facing new challenges when it comes time to secure their data. A third-party partner could help in the threat and vulnerability environment and be one way to gain a high level of visibility into the security event logs across a large dataset. How will you proceed in this era of cyber wars?