The Principles for SAP Security-By-Design

SAP customers running comprehensive technology stacks are exploring security-by-design, an approach that begins with building security measures into software systems from the start.

“SAP projects need to embed security conciseness to respect this principle and gain a cyber-resilient application to prevent security breaches and minimize the damage caused by cyberattacks,” according to Christoph Nagy, CEO at SecurityBridge, who sat down with SAPinsider.

Nagy advises that organizations using SAP need to leverage the SAP technology stack to benefit from SAP’s proven track record of security and reliability, as well as the vast community support and expertise available for SAP technologies.

“They should implement regular software updates and patches, monitor for vulnerabilities, and keep security in mind with any configuration change,” explained SecurityBridge’s Nagy. He added, “All stakeholders should understand their role in establishing the system’s security, including following security standards, application hardening recommendations, and reporting suspicious activity.”

“Companies should keep a constant practice of identifying new attack vectors and reducing the attack surface which exposes an enterprise to risk of an impactful cyberattack and perform regular code and configuration vulnerability scansor eliminate SM59 and RFC destinations that are no longer in use to accomplish this goal. And there are many other steps that need to be taken,” says Nagy.

Attack surface area and simplicity go hand in hand, per Nagy. “Developers should be mindful of double negatives and complex architectures when a smoother approach would be more efficient and effective,” he advises.

Some SAP customers already had some unpleasant surprises with expired SSL certificates because no surveillance was activated. “Digitalization needs have led to the growing adoption of SAP BTP requiring more technical communication than ever before,” says Nagy. “Therefore, it is imperative to have an overview of all communication interfaces in an SAP landscape and their current state that is continuously updated.”