Protecting SAP is a lot like securing a building. You need to invest in certain infrastructure, such as locks, an alarm system, and cameras. Those systems have to be maintained, and replaced when they become outdated.
Finally, you need a vigilant team that can monitor your security systems and catch the things those systems might miss: bad actors trying to sneak into the building using fake or stolen credentials, thieves who have found a way to bypass or disable the alarms, and insiders who (inadvertently or otherwise) compromise the security system.
While most organizations have good SAP cloud security infrastructure in place, many are lacking in maintenance and monitoring, which can put your landscape at risk. Here’s what you need to know.
Your Cloud Infrastructure is Secure
Threat actors look for the easiest way to compromise your landscape. In an SAP cloud, that weak point will never be your hosting infrastructure, or SAP itself. While no system is invulnerable, your service providers invest heavily in SAP cloud security infrastructure.
SAP and the SAP community hunt for bugs and patch aggressively, provide resources and tools for security personnel, and frequently release new features and enhancements that keep up with security best practices and decrease the risks to your landscape. Public cloud hosts like Azure and AWS are just as vigilant, securing their hosting infrastructure with network hardening, intrusion detection and prevention, physical data center security, and a range of other safeguards.
However, Poor SAP Management Can Make You Vulnerable
Although your cloud is secure, your apps and database may not be. Many organizations that run SAP internally treat administration as a side job for a developer or security consultant. That means they don’t have the time to apply patches quickly, leaving their landscape at risk from newly discovered vulnerabilities.
Without a sufficient SAP background, they may miss other threats too, such as excessive user privileges, configuration issues, and default passwords that can be exploited by bad actors.
A Secure SAP Cloud Doesn’t Prevent Insider Threats
While outside attackers get the most attention, insiders are often more dangerous and harder to stop. Almost 75% of security incidents are caused by insiders. And it’s not just disgruntled or crooked employees you have to worry about. More often than not, insider security incidents are simple mistakes, such as:
- Reusing passwords
- Creating passwords that are easy to guess
- Storing login credentials on a publicly available device
- Sharing credentials with coworkers
- Clicking unsafe links
- Forgetting to log out
You Need an SAP Administration and Security Partner
A secure SAP cloud starts with a secure landscape. Protera uses a yearly calendar for IS and application patching — including security patches — to keep your system protected.
We work closely with our vendors and cloud partners to be proactive in securing our AppCare platform. We also work with a number of external partners who continuously audit our systems, policies and procedures to ensure that industry best practices are followed.
From a security perspective, we’re every bit as diligent, following standard hardening based on NIST 800-171 as well as secure configuration guidelines for each type of system we deploy. Our AppCare platform incorporates best practices from NIST, SOC and ISO to be as secure as possible. Our security team uses a range of tools, such as antivirus, IDS/IPS and SIEM, to protect against threats. All of those tools work in tandem as dictated by Protera Security Policies. Combined with 24/7 security and availability monitoring, this enables us to keep your SAP landscape secure in the cloud.
Contact us to learn more.