Five SAP application security trends
Some trends come quickly and disappear from the scene. For example, artificial intelligence was going to be the savior of cybersecurity, but this trend has turned out to be a smokescreen.
Here are five SAP application security trends that are here to stay.
1 -- Detection of Anomalies within the SAP Log-Stack
SAP applications help companies handle business-critical processes. It is, therefore, no surprise that auditors, information security, and even the executive board are highly interested in ensuring that all operations are recorded as transparently and comprehensively as possible. The good news is that SAP systems fulfill this requirement wonderfully. If this were not the case, the auditors would be unable to release the year-end audits to the SAP customer. SAP systems record changes to the business documents (sales orders, invoices, customer master, etc.) and the user master in various logs and protocols. With so much information available, it is easy to lose track and even more challenging to detect deviations from standard behavior, so-called anomalies.
Consequently, solutions on the market address this challenge extremely efficiently and elegantly, detecting deviations in user behavior, fraud, or cyber-attacks faster and more reliably.
2 -- SAP Threat Modeling
There is debate about how to define SAP threat modeling; even threat modeling without SAP has several definitions and interpretations of how the topic should be approached. Nevertheless, it belongs on this list as a top SAP security trend.
Rather than being a deliverable, threat modeling for SAP is more of a journey, and the added value for SAP customers is enormous. Only those who actively examine their threats can make targeted investments and achieve a positive cost-benefit ratio.
3 -- SAP Can’t Exist Without Compliance Management
Even in 2022, a large proportion of SAP security work is still driven by audit and compliance requirements. Audit and compliance mainly exist because many customers still host their business-critical data in on-premises server infrastructures that operate far away from the dangerous Internet. That is not meant to sound sarcastic or negative. Instead, it is meant to ensure that customers using SAP systems can operate them in a continuously compliant state. Working in a continuously compliant state ensures that the next audit does not unnecessarily elevate heart rates while keeping the security posture of the SAP systems and data under control.
4 -- Application Security-as-a-Service Models
Another AppSec trend is that more companies are turning to professionalized help in the form of Security-as-a-Service offerings. Not individual security consultants but standardized managed services are becoming prevalent.
Security-as-a-Service is the logical response to the high workload and shortage of specialists in AppSec and SAP security. These specialists offer everything from threat monitoring and response to establishing a regular security baseline and missing patch verification.
5 -- Aggregated Vulnerability Information Will Become a Must-Have
To get a more holistic view of its vulnerability landscape, an organization needs to aggregate vulnerability information from the tools it uses throughout its organization and display that information in a single view, which can improve prioritization and aid in proving that compliance requirements are met.
Demand for open API-driven integrations that allow sourcing detected vulnerability information is creating pressure on AppSec tool makers to offer that functionality natively at enterprise scale. Users benefit from security solutions that offer an open API with the ability to forward discovered vulnerabilities while sending their risk assessment to available enterprise vulnerability management systems.
Christoph Nagy has 20 years of working experience within the SAP industry. He has utilized this knowledge as a founding member and CEO at SecurityBridge -- a global SAP security provider, serving many of the world's leading brands and now operating in the U.S. Through his efforts, the SecurityBridge Platform for SAP has become renowned as a strategic security solution for automated analysis of SAP security settings and detection of cyber-attacks in real time. Prior to SecurityBridge, Nagy applied his skills as an SAP technology consultant at Adidas and Audi.