
Why securing the SAP landscape is a business essential

Marieke Van De Putte
1 Jul 2022

Looking at the current cybersecurity landscape calls to mind the fable The Boy Who Cried Wolf. Many businesses are fully aware of the threat of the wolf, but with repeated calls to look at a multitude of dangers, businesses are fast becoming disorientated as to where the danger really lies.

Where it differs from the tale is that many of the cries are not unfounded, and yet, they might not always be as fatal as they’re made out to be. With SAP security, however, the risks are real, and the consequences of not acting on the dangers can be serious.

Used by the vast majority of multinationals around the world, SAP (systems, applications, and products) security protects business processes and data of high value, such as sales, finance, and personnel information. Traditionally, businesses would lock critical information in a data center, protected by a proverbial lock and key, with peace of mind. SAP, however, is primarily focused on authorization management and segregation of duties.

While this approach was once enough, today it is not. The digitization and movement of assets to the cloud means that online threats are increasing in number, diversity, and impact, leaving organizations under a far greater threat of opportunistic attacks. In 2019, research found that nearly two-thirds of organizations reported an ERP (enterprise resource planning) system breach over a 24-month period from attackers after critical data. More often than not, this is a result of unsuitable SAP risk management solutions.

Shifting sands

In 2021, SAP and Onapsis issued an intelligence report warning organizations to take immediate action and review and monitor their SAP landscape. This was aimed at companies using old and vulnerable SAP versions, which are difficult to patch by today’s security standards.

Just the year before, the RECON vulnerability left tens of thousands of customers’ data exposed to attackers; if exploited, an unauthenticated user would have been able to create a new SAP profile with maximum privileges to circumvent access and authorization controls. It was patched soon after, but it exposed the risks associated with relying on a system without proper monitoring.

Today’s leap to the digital economy creates opportunities for companies to transform and scale, and SAP encourages customers to move to SAP S/4HANA – a cloud-based ERP system – to reap such benefits. This migration is a necessary modernization for many businesses, but it’s worth bearing in mind that it doesn’t guarantee out-of-the-box security. It still requires continuous monitoring to identify threats and vulnerabilities.

Getting ahead

Securing SAP platforms demands a proactive approach. With more and more critical infrastructure connected to the internet, possible entry points multiply every day. Research by Statista estimates that the number of connected devices is set to triple from 8.7 billion in 2020 to 24.4 billion in 2030, and this number will only continue to grow.

Hackers generally want to create the greatest impact possible, which is why we’re seeing increasing attacks on critical sectors such as life sciences and energy and utilities. Take the example of medicine: if an attacker can bypass security and enter through the back door, there’s a chance they could edit essential information related to the product make-up at the production stage. This goes beyond business disruption to affect consumers, sometimes with life-threatening consequences.

Ideally, SAP applications provide businesses with a way to manage their departments effortlessly. But nothing should be taken for granted, especially as businesses move data and even applications into the cloud. Whether you have public or private clouds, you must have security measures so that you know who is taking care of what when it comes to security. To understand what they are or aren’t doing, it’s important to be proactive by examining, monitoring, and assessing.

Assessment and management

Locking down SAP security may seem like a complex task – and it is without the right practical processes in place.

By implementing effective vulnerability assessment and vulnerability management, you’ll be able to identify new threats and weaknesses in security configurations and prioritize vulnerability remediations for mission-critical SAP systems.

To cover these bases, Capgemini has developed a unique holistic solution that shields your system from data breaches and potential losses. With quick and real-time insights, our Vulnerability Assessment reviews, evaluates, identifies, and reports on SAP weaknesses. But with the landscape always changing, it cannot end there, which is why we combine continuous management to monitor and identify new vulnerabilities in the environment.

For businesses to seize the advantages of cloud-based security, it is essential they understand the SAP landscape better. To navigate complexity, improve compliance, and seize the potential of cloud-based digitization they must be able to know which cry of the wolf to prioritize. This is no small feat, but through better collaboration, it is more than possible.

Contact Capgemini today to find out how our network of global SAP experts can help your organization embrace this new generation of cybersecurity.


Marieke Van De Putte

Global Domain Lead Cyber Compliance | SAP & Cyber | NL Service Line Lead Security & Compliance
Specialized in developing practical approaches to Security, Risk & Compliance and applying Automation possibilities. Contributing our team’s expertise to Digital Transformation projects, like IT Outsourcing and Cloud Migration.

Mark Sampson

Principal Enterprise Architect SAP and Cloud Centers of Excellence
Has over twenty years’ experience in both IT consultancy and end user positions with a specialization in SAP design, architecture and delivery. Since 2012 he has been focused on delivering SAP solutions onto hyperscale cloud providers (AWS/Azure).