Reducing Cybersecurity Risk

⇨ Enterprise landscapes are changing as workloads move to the cloud, but organizations must understand and balance security across those landscapes

⇨ Managing and securing data and backups is vital to protecting the most important asset of any organization

Organizations today face four major challenges around remaining competitive, being innovative, reducing cost, and reducing risk. For many larger organizations the most important priority of those four is that of reducing risk, with cybersecurity risk a significant part of the goal of overall risk reduction. Companies have a lot at stake from a risk perspective including protecting their brand as well as the potential costs involved with any cyber-attack. They want to be protected and put in place the best security posture possible.

Improving Security Posture While Reducing Cost

To better understand these challenges, and particularly the area of reducing cybersecurity risk, SAPinsider sat down with Jason Cook, Regional Vice President for Sales Engineering, Major Accounts at Rubrik. Cook sees organizations balancing the need to put in place better cybersecurity while at the same time managing costs and providing an improved ability to recover systems in the event of an attack or failure.

But improving security posture and adding the ability to defensively recover is only part of the challenge according to Cook. “The other goal is to reduce cost,” he states. “Whether the spending is on-premise or in the cloud, the goal is to consolidate management capabilities into fewer tools that provides the ability to drive cost out of the environment.” Simplified security management was the most important factor for respondents who are looking to consolidate their security vendors in the recent Cloud Security Trends for SAP Customers benchmark report. According to Cook, solutions like that provided by Rubrik offer the key capability of managing everything in one place as well as providing capabilities that leverage native integration.

Cook sees an acceleration of organizations moving to the public cloud, something that is also reflected in SAPinsider research on SAP Infrastructure and Landscape Trends, so that they can leverage both the ease of use of the platform as well as the ability to scale. But he also sees organizations looking to minimize their recurring costs as much as possible in addition to make their move to the cloud more secure. Cook suggests that organizations should be focused on keeping systems secure and defensible, and to simplify and automate tasks like data protection and data security wherever that data resides.

Balancing Landscapes

“For the organizations I primarily work with, infrastructure is likely to be hybrid for the foreseeable future,” says Cook. “They are looking to maximize the benefits from cloud integration and software-as-a-service management that they get from the acquisition of a tool like Salesforce or Workday, but they are conscious of the fact that they’re continuing to run a large SAP environment on-premise. The challenge they face is how to manage all those systems in one place. How do I report on things centrally for audit purposes? How do I share my controls for recovery posture to regulatory bodies? How do I secure information across both landscapes while making that data portable?”

What Cook sees is organizations looking for ways to straddle the line between the services that can be leveraged in the cloud, particularly those powered by SAP, and those that they are still running locally. And while SAPinsider research reflects that either private or public cloud are the most likely planned infrastructure choices for those updating their SAP landscape, for 49% of respondents those updates are over a year away, while 23% are waiting until they move to SAP S/4HANA to update their infrastructure. In addition, more than a third (36%) report that they will continue to use a combination of local and cloud environments in future infrastructure deployments.

While these infrastructure changes may be happening over the next few years as organizations look to reduce the size of their local data centers over the next five to seven years, a significant challenge for these organizations is maintaining data stores for compliance reasons. Even though a company may decommission an older application and replace it with one in the cloud, the last copy of that deprecated system may end up becoming the last record of note. Tools like those provided by Rubrik can help store that data permanently so that it can either be recalled or demonstrated that there is a copy of regulatory purposes.

Managing and Securing Data and Backups

While landscapes will build the platforms for organizations, data is the most important commodity in the corporate space today. No matter what business or industry an organization operates in, it is managing large volumes of data that is both sensitive and critical. Applications must be up and running all day every day in order to do business. This is where managing and securing data and backups is just as important as protecting the data that is stored in live systems.

The two most important measurements that organizations use for data protection are the recovery point objective, how much data can be lost, and the recovery time objective, how long before data must be restored. But Cook says that organizations should consider not only how long will it take to restore data, but how long it will take to resume a service. Particularly in the case of an SAP environment, restoring data may not be equivalent to restoring the service.

As organizations look to back up their database environments, particularly SAP environments, they are looking at the data storage aspects of their overall security framework for backups. “The essence of data storage is immutability and air gapping,” says Cook. “It’s all the data security controls where the data resides only as a managed service.” This is what Rubrik offers through their Rubrik Cloud Vault solution which Cook describes as secure by design rather than secure by configuration and leaving that configuration to the end user.

This type of solution offers significant benefits because not every organization has a subject matter expert for given solutions. Cook sees the public cloud as a good example of this knowledge gap because it changes so frequently. Working with a partner or vendor that helps take the guesswork out of configuration is a major benefit as it allows an organization to leverage the best security controls and conventions from the first day. Companies may be familiar with vendors that provide this type of solution for perimeter and application security, but Rubrik provides that value for data security.

“Organizations generally want to have their most recent data on the platform, ready for quick recovery,” states Cook. “The bulk of their data is generally kept for compliance reasons.” Solutions like Rubrik Cloud Vault provides both economic and security benefits that also simplify the management of these backups.

But while managing and securing backups is critical, what can add additional value is an ability to look for anomalous patterns or suspicious behavior that might allow an organization to infer that a cyber breach has occurred. This combination of backup and security allows a vendor like Rubrik to offer unique benefits to organizations running SAP systems.

What Does This Mean for SAPinsiders?

Many organizations moving to SAP S/4HANA are looking to limit the volume of historical data they move into their new deployment both for cost and performance reasons. Ensuring that the full historical data set is backed up securely is crucial for compliance purposes is just as important as having a full recovery plan in place should something happen to the production environment. This is even more important as organizations balance managing and securing backups across both cloud and on-premise landscapes. What are some steps that can be taken to help prepare for these challenges?

• Define and understand your medium to long term infrastructure plans. Many organizations are still running SAP systems that have been in place for a decade or more. While some may have already shifted these systems to the cloud, others are still determining the timeline for that move and whether it will be part of broader transformation in the company. Understanding what your timeline is for infrastructure updates, and particularly what that infrastructure will be, is critical to ensuring that you can effectively secure and protect those environments. Ensuring that you make put security plans at the start of that process will also help streamline and accelerate the adoption of new platforms.
• Evaluate solutions that can help meet your secure data management and backup needs across environments. One of the biggest challenges that resource constrained organizations face today is complexity of tools, especially when different tools are required for different environments. Half the respondents to recent SAPinsider research are considering consolidating security vendors largely to gain simplified security management, increased efficiency, and reduced costs.Taking the time to look at solutions that will help address backup needs across cloud and on-premise systems through a single interface that does not require subject matter expertise in both environments can offer significant benefits.
• Find a partner that has the experience needed and can support capabilities that are key to deployments. Organizations are looking for partners that have the experience that they need to address their unique challenges. But different partners have different capabilities and levels of experience. Finding the partner that has the right experience to address your specific challenges can be difficult, but starting with one that has a significant background with SAP systems, moving to SAP S/4HANA, and transitioning and supporting cloud-based landscapes and applications is a good starting point.

 

About Rubrik

Rubrik is a cybersecurity company with a mission is to secure the world’s data. We pioneered Zero Trust Data Security™ to help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.