Data Breaches Are Expensive: Three ways SAP teams can reduce their risk.
Medibank’s 2022 data breach cost $46.4 million last financial year, and the total cost could pass $80 million.
In 2019, an IDC research study reported that nearly two-thirds of businesses that rely on SAP or Oracle have suffered a breach of their ERP systems in the past two years.
Of the 64% that suffered a breach, sales data was most compromised (50%), followed by HR data (45%), personal customer information (41%), intellectual property (36%) and financial data (34%).
Therefore, SAP customers must have a comprehensive strategy to secure this data type. Unfortunately, there is no one silver bullet; often, several simultaneous approaches are required.
Three SAP data risk reduction strategies.
Securing non-production data
For most companies, an enormous amount of sensitive data is held in non-production systems and other areas. Test data, data lake data, warehoused data, and transferred data can contain any amount of sales, HR, customer, or financial data.
A straightforward solution for DEV, QAS or Pre-PRD systems is masking or anonymisation. This is where we take actual data and selectively anonymise the data with realistic fictional data. It’s useful for testing but useless for anything else.
The same can be performed for data in data lakes, spreadsheets, and other data storage areas.
Managing users and authorisations
Many breaches occur through user authorisations – stolen or borrowed. Due to the turnover of consultants, employees and other system users, it can be challenging to police user credentials.
For example, removing user credentials no longer in use, removing high-level authorisations when no longer needed, or an overall user role and authorisation cleanup is a big job.
Identifying and fixing vulnerabilities
Twice a month, SAP releases security patches. Still, most SAP teams don’t have the resources or systems to apply them regularly.
Identifying and rectifying custom code vulnerabilities also presents a massive challenge for SAP teams.
The thousands of different ways SAP application settings can be configured—and changed to meet new requirements—often result in additional vulnerabilities.
With over 1,100 known SAP ERP points of potential vulnerability, it can be overwhelming for SAP teams to know where to start.
Final word
While many SAP ERP systems face vulnerabilities, most SAP teams lack sufficient resources to adequately secure them.
Fortunately, there are available software tools and solutions that can aid SAP teams in data anonymization, efficient user management, and the identification of critical vulnerabilities.
Funds for hiring skilled security professionals and acquiring specialized security software are often limited. CFOs and CEOs exercise caution when allocating budgets, and IT tools frequently don't make the cut during budget planning.
However, the experiences of Latitude and Medibank demonstrate that whether you choose to allocate these resources upfront or later as a response, a budget is essential to mitigate data risks in SAP systems
We can help.
Leg Up Software are expert in SAP IT automation.
We know the SAP operations and infrastructure automation solutions landscape and have already done the legwork identifying the best solutions for most repetitive IT tasks.
We have excellent relationships with many software vendors. We can negotiate an evaluation process that best suits your circumstances and budget.
For customers looking to gain expert insight into SAP ERP data security, we work with vendors like Libelle AG, VOQUZ Labs, smarterSec , and others who can provide SAP customers with tools and systems to secure their SAP data.
Why not set up a time to start the conversation by putting something in our calendar?
Alternatively, to learn more, see www.legupsoftware.com/solutions
