Why Supplementing SAP Cybersecurity Is Vital

Reading time: 9 mins

Meet the Experts

Key Takeaways

⇨ SAP systems contain sensitive information about your business and employees.

⇨ There are significant security gaps if companies rely on the standard SAP security features alone.

⇨ It is crucial to break down silos between IT and SAP teams to safeguard data.

Digital Danger

Everything that makes SAP systems so useful for business operations also makes them crucial to protect. All of the critical data stored within must be safeguarded with the highest priority. Lackluster cybersecurity can allow security threats to damage your organization in several areas. These include:

  • Personal information – SAP systems contain sensitive and identifiable information on all employees like Social Security numbers, payroll data, and more.
  • Intellectual property – Perhaps the most potentially damaging threat facing businesses is the loss of intellectual property. Hackers can access IP stored in SAP systems, like investments and innovations. This can cost your business the leg up it earned through developing its own products and processes.
  • Audit – Enterprises can face enormous fines if they fail an audit. If an organization is found to be non-compliant with security standards, it can also require significant time and resources to rectify the situation and overhaul systems to meet requirements.
  • Fraud – Businesses risk fraudulent activity through the manipulation of business processes without adequate cybersecurity.
  • Downtime – Certain types of cyberattacks can hamstring your company’s ability to run day-to-day operations, costing essential time and hampering income.
  • Reputation – It is difficult to put a specific dollar value on reputation. But business leaders know how impactful a shift in perception can be. Suffering a significant cyberattack can damage the standing of customers, vendors, and even with employees within the company whose personal information is exposed.

SAP Blindspot

SAP users may be under the impression that their landscape is secure due to built in security features, but relying on the standard features can leave data exposed to hackers who can quickly gain access. Within the last 24 months, 65% of SAP systems were breached. These breaches can cost organizations millions of dollars in lost revenue, brand damage, stolen IP, and fines.

The threat of security breaches can be enough to make some enterprises shy away from cloud moves. This can also be costly, as holding back a business out of concern can slow or stifle innovation. This can hold a company back from being as competitive as possible in today’s business climate.

SAP systems are open to the outer world. Even though these systems are just behind the firewall in most instances, there is potential to enter a network of an organization. However, these outside poor actors are not the only threat that must be considered. Some threats may come internally as well.

Though it is unpleasant to think about, internal threats pose a significant risk to organizations. Without proper privilege escalation guardrails, users can gain access to data they should not be able to reach.

“SAP has a very strong API. You can do whatever, change system settings, you can create user accounts, can just assign the highest privileges possible in an SAP system through remote control or through a very potential or highly critical API of SAP and interfaces. So, the internal threat factor is through the manipulation of systems, the change of system settings, or creating an account like a dormant account that sleeps half a year and will be used half a year later with highest potential privileges,” said Christoph Aschauer, director for SAP Solutions at Logpoint.

Security Silos

One of the major issues that can expose SAP systems to security threats is the fact that these systems are often siloed away from the security team. When SAP security is disconnected from the central security strategy, this can hamper the ability of security and SAP specialists to sufficiently monitor, patch, and spot malicious activity.

“There is a lack of cybersecurity in SAP departments. We see that SAP is taken care of in an SAP department but the traditional IT security is taken care of in a cybersecurity department. It’s very rare that these two departments and big parts of the organization and teams really work together to follow a joint goal, which is the best possible protection of SAP,” Aschauer said.

Many organizations separate the important functions within SAP systems—supply chain, financial data, business strategy, and more—from incident response programs because of the complexity of these programs. Standard SIEM tools are unable to understand SAP logs, making it difficult to assess cybersecurity risk.

A Holistic Approach to Security

Utilizing a holistic approach to your cybersecurity challenges means organizing your business in such a way that all necessary parties are ready and able to address any threats that are detected. This is a critical point for enterprises, but it can often be difficult to attain such a high-level view of your business from within.

Cybersecurity solutions provider Logpoint is able to step in and help speed up business transformation by ensuring security in the following ways:

  • Full onboarding and integration of business-critical systems to cybersecurity technology
  • Continuous, automated, and holistic monitoring of ERP in SIEM by pre-defined, ready-to-use alerts
  • Unlock the value of advanced analytics (UEBA) and security automation (SOAR) for ERP/SAP/BCS
  • Use of anomaly detection to uncover insider threats, fraud, and advanced attacks
  • Use of automation to accelerate detection, investigation, and response to ensure appropriate action
  • Combine orchestration and playbooks to guide the investigation and keep track of ongoing cases

By incorporating these key points into your security strategy and making it a holistic endeavor, companies can regain control and transparency of their SAP environments.

Stay Secure from Day One

Part of thinking of security as a holistic endeavor is making sure to involve all necessary parties before a move to the cloud—namely both IT security and SAP teams. By incorporating both teams in the planning phase, security teams can help cover for the SAP teams who may lack cybersecurity knowledge and vice-versa.

Because SAP’s solutions are expansive, it only makes sense that the security tools used to secure it should be expansive as well. Logpoint will be able to cover the SaaS technologies offered by SAP, such as SAP SuccessFactors, SAP Ariba, and SAP Concur soon. SuccessFactors will be available in January 2023; Ariba, Concur, and others are on the roadmap for 2023. It is important to include experts in all these categories in planning phase discussions to ensures that all potential security issues are being addressed.

Automated Security

Automation is one of the best tools that companies have against cybersecurity threats. Automated detection tools can highlight activity that is out of the ordinary, and then automatically send out alerts and start response actions to save precious time with a security incident.

“The cyber security platform of Logpoint brings not only in the data, but we look at the data in a continuous automated manner. So the cyber security platform listens to the incoming SAP information, and will issue an alert for a certain critical activity or suspicious activity or abnormal activity,” said Aschauer.

Logpoint features two automated security features:

  • UEBA (user and entity behavior analytics) – This tool helps IT and security teams uncover suspicious behavior. It can also find security incidents that the human eye may not detect. UEBA uses advanced machine learning to build a baseline of typical behavior for users, groups, and entities that function within the network.

This works differently than other solutions that rely on standardized predefined rules for behavior. UEBA’s machine learning–derived insights allow it to discover odd or risky behaviors that may otherwise go unnoticed.

  • SOAR (security orchestration, automation, and response) – In the event of a security incident, Logpoint forwards alerts to the SOAR platform, which can automatically start the necessary response protocols, saving security analysts time.

Users can install custom playbooks to initiate the necessary response based on the type of incident. This allows organizations to quickly investigate, isolate, and eliminate security threats.

Aschauer demonstrated an example of how this works:

“Let’s say there is a critical access of a highly privileged account, like standard accounts in SAP, that must not be used. An alert can be set up that will trigger an alarm whenever this “SAP*” (SAPstar) account takes action in a system. And the automation work in a way that the computer or a certain application that is using the SAP* account can be then quarantined in a quarantine network automatically using a REST API of a next generation firewall, for example, so that these malicious clients can be just isolated in a network so that the connection is just cut.”

Automation can shorten incident response times, which can make the difference between a near miss and a crippling cyberattack. Logpoint also features ready-to-use controls, checks, and dashboards that make it easier to operate during crucial moments.

Safeguarding Innovation

Innovation is the lifeblood of a business—especially in the technology sector. But it is not always simple for cybersecurity platforms to protect newer innovations.

Innovating too quickly is not the only issue. Sometimes businesses may shy away from implementing new technologies over related security fears.

“The counterpart with SAP is that organizations shy away from a cloud move, moving from on-prem, or moving into hyper-scaler environments because they fear data is just given out or handed out to and being stored in the hyper-scaler environment,” Aschauer said.

Businesses may be concerned that they cannot risk moving to the cloud. But the real question is whether they can risk not making the move. Besides potentially stifling innovation, remaining on-premise can also hamper your ability to implement newer security measures.

“Onboarding to a hyperscaler infrastructure-as-a-service or platform-as-a-service or software-as-a-service solutions is probably the safer space than just being on-prem. But the most important thing here is that when you move to these different platforms you bring in an IT security team that makes sure that all that new infrastructure and new servers are safely purposed, set up, configured, and accessed. It is also important that all kinds of logs are available and can be monitored in an automated way,” Aschauer said.

Ahead of a move to the cloud, organizations need to realize that they cannot rely on the cloud provider to handle all of their security requirements. They must take responsibility and accountability for their IT and environment and make sure that everything is monitored properly across all layers.


Compliance rules may feel cumbersome, forcing companies to adhere to a strict set of regulations. But businesses can minimize their risk of both failing an audit and failing to repel any potential security issues by adopting solutions that are already prepared for compliance.

It is one thing to detect a security issue, but it is also vital for the long-term security of a business that they are able to alert the security team and provide a detailed accounting of the incident to remedy any problems—and make sure that it never happens again.

“We look at access to personal data and make sure that we monitor the access that happened and can issue an alert as soon as possible when things happen—to monitor in near-real-time but also for a later inspection or forensic analysis it’s important to have all kinds of logs available,” Aschauer said.

In all likelihood, data is not automatically stored in an SAP system for a very long time. That may not seem like an issue until that data is necessary for an audit or to review the lead-up to a security incident. Logpoint can store essential data for a very long period, while also ensuring that any queries for that data happens quickly and efficiently.

In Conclusion

Data security is vital for any business in this day and age, particularly those relying on SAP for mission-critical functions. Yet organizations often miss the critical step of ensuring that SAP departments and security departments are on the same page. This can lead to gaps in the security of this all-important landscape. If exploited, these flaws can expose employees’ personal information and valuable IP, as well as tarnishing a company’s reputation and opening it up to an audit—all of which can cost a company millions of dollars.

Logpoint helps close these gaps by aiding organizations in adopting a holistic approach to security that brings all relevant teams together so they can collaborate to secure SAP systems. Logpoint also offers automated tools to quickly single out suspicious activity and other security threats, as well as to contain the issue.

With Logpoint, businesses can confidently move to cloud or hyperscale environments without worrying whether their provider has adequately prepared its security systems. Even IaaS, PaaS, and SaaS solutions can be safer than a traditional on-prem environment. This allows businesses to maximize innovation while still making security a top priority.

More Resources

See All Related Content