Roadshow Recap: Addressing the SAP Governance Gap

Onapsis has just completed its second annual North American Roadshow Series! With stops in the Bay Area, Houston, Chicago, and New York, this initiative was a huge success.

During this series, industry professionals and customers from some of the top F1000 organizations collaborated on how to address the growing SAP governance gap within their organizations. As the state of SAP cybersecurity continues to evolve, the SAP governance gap continues to be one of the most common challenges facing organizations across many different industries.

Throughout the conversations I had, I found that many organizations are becoming more aware of the importance of securing SAP systems, but are still struggling to understand how to implement an SAP cybersecurity strategy in order to do so. Business-critical applications running on SAP are among the most valuable assets an organization has and must be in the top tier of organizational assets when it comes to protection priorities.

That being said, a majority of our collaboration focused on steps organizations can begin taking to implement an aligned and effective SAP cybersecurity strategy. Let’s take a deeper look at these steps:

  • 1. Map out your SAP Landscape and Terrain
    Questions to ask
    • Have you successfully mapped out your entire SAP landscape? Did you find anything surprising or systems you were not aware of?
    • What are the challenges in mapping your complete SAP environments?
    • What teams did you depend on to achieve this?
  • 2.Understand the role your SAP systems play
    Questions to ask
    • How do you prioritize your SAP systems in your organization?
    • What factors are used to determine prioritization? (Business functional impact, compliance costs, etc.)
  • 3.Understand Potential Risks
    Questions to ask
    • Who is responsible for this monitoring and measuring?
    • How frequently does this measuring take place?
    • Does this frequency match the criticality of the systems?
  • 4.Identify the Players
    Questions to ask
    • How many departments are involved in SAP Security in your organization?
    • Who is ultimately responsible for SAP Security in your organization?
  • 5. Create a General Action Plan
    Questions to ask
  • 6.Measure Progress and Communicate
    Questions to ask
    • Who in the organization requires information about the security of SAP systems?

Now more than ever, it is critical for organization’s to learn about existing vulnerabilities within their SAP environment, determine the business risks of these vulnerabilities, and implement an effective, operationalized SAP security strategy to begin eliminating risks to the SAP infrastructure. For organizations looking to learn more about how they can do so, our experts are always available for inquiries and can be contacted here.

Leave a comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Subscribe to our monthly newsletter, the Defender's Digest!