SAP USER SECURITY IN THE AGE OF CONNECTED BUSINESS

Posted by Sachin Malhotra
Aug 26, 2015

A recent study makes a stunning claim: more than 95% of enterprise SAP installations are exposed to high-severity vulnerabilities that allow hackers to hijack a company’s critical business data.

SAP today powers more than 250,000 businesses worldwide, including approximately 98% of the 100 most valued brands. These installations remain vulnerable for an average of 18 months from the day the vulnerabilities first surfaced, which presents security experts with some of the toughest challenges they have faced to date.

The dynamic challenges businesses face today have forced companies to look at moving business data and operations to the cloud, improving efficiency by enabling user adoption through mobile devices and big data. But doing so while relying on legacy systems such as SAP makes these processes more vulnerable. In the world of connected businesses, the cyber security threats associated with SAP are making life tougher for security professionals.

Cyber security for SAP-enabled enterprise applications poses some of the toughest challenges in today’s world of connected businesses. SAP HANA, currently centre stage in the SAP ecosystem, is not safe in this context either. The recent release of SAP HANA’s latest version has been much discussed in the information security world. Many security researchers have been warning businesses that possible vulnerabilities in the new system could lead to a security breach. One of the common cyber attacks on SAP applications in the enterprise is the portal attack.

A portal attack involves creating J2EE backdoor accounts by exploiting vulnerabilities to gain access to SAP portals and internal systems. This form of attack highlights the user-level security issues seen in SAP-related enterprise applications. These weaknesses can give malicious users an easy route into your SAP system and leave your critical business information more open to attack.

Although SAP already supports Kerberos authentication to protect user data, hackers today are equipped with much smarter tools to break this mechanism. The need of the hour is smarter security solutions that can be implemented so that user verification is done automatically and malicious users are stopped from logging into your SAP system. But setting up such a system brings challenges quite similar to those security experts have always faced with legacy applications. So although a user can access the platform securely either through the GUI or through NetWeaver, the challenge lies in verifying the right user and giving access to the critical information.

The mechanism businesses generally use to secure their SAP ERP against malicious users is two-factor authentication at the VPN level. The challenge is that if a malicious user is ever able to break into your VPN framework, the data in SAP becomes more vulnerable. The present mechanism also poses a challenge from the user experience perspective.

The present system also poses challenges for developers who are building third-party applications on the platform. Businesses using these applications also become more susceptible to the larger problems.

So the challenge still prevails with a system that many global businesses and business users trust.
