3 Key SAP Cloud Security Trends from the SAPinsider Benchmark Report
The latest edition of the SAPinsider benchmark report, released recently, turns its focus to cloud security trends. With several SAP customers either in the process of migrating to S/4HANA Cloud or putting it on their future roadmap, cloud security is gaining greater significance. The report offers key insights into how SAP customers are prioritizing their security and which solutions they plan to implement to strengthen their SAP cloud security. Highlighted below are three key trends from the SAPinsider Cloud Security Trends Benchmark Report.
Patching is Fundamental to SAP Cloud Security
According to the SAPinsider benchmark report, almost a quarter (22%) of respondents stated that they don’t address necessary patches regularly, while 11% expected their providers to implement patches. This is a serious security concern since most attackers use existing system vulnerabilities to gain access to applications. Though more than half (54%) stated that they addressed patches on a regular schedule, there is still a time gap between the availability of patches and when they are implemented.
Patching is almost always a challenge for application IT teams because applying patches invariably causes system downtime, affecting productivity and business. Organizations not only have different SAP applications but might also have different versions and instances of the same application running across their various departments and locations. The burden falls on the IT teams to keep up to date on all the version updates and patches and to create a schedule for applying the patches while keeping application downtime to a minimum.
To overcome this challenge, organizations can implement a vulnerability management solution that regularly scans all SAP systems – both cloud and on-premise – for missing patches and misconfigurations. Going a step further, the solution should be able to highlight patches that are critical for security. This will enable IT and security teams to prioritize and plan patch testing and implementation, reducing downtime and enabling an efficient response to system vulnerabilities.
Identifying Vulnerable Code in SAP Cloud Applications is Critical
When asked about the top cloud security tools and technologies that respondents planned to implement, Code Vulnerability Analysis featured among the top three technologies. 53% of the respondents said that they are either implementing it or plan to implement it in the next 12-24 months. Most organizations that use SAP have custom code within their systems. While the code is essential to meet business needs, it can create security blind spots and leave your SAP systems vulnerable. In fact, as much as 90% of a company’s custom ABAP code is obsolete.
Most organizations are aware of this risk and understand that the right code analysis tools are essential to identify insecure code. According to the report, having tools that can scan code in applications moving to the cloud enhances SAP cloud security by ensuring that no exploitable code is included in applications. A good code scanning solution should have an up-to-date library of coding best practices and be able to read through your ABAP code, both in development and production, to identify sections of code that do not conform to ABAP-recommended coding practices.
Zero Trust is Key to Protecting SAP Cloud Apps
Zero Trust, as a strategy, has long been a part of the security conversation. Many organizations have already started incorporating its principles into their security decisions in one form or another. The SAPinsider survey also found that 53% of the respondents stated that their organizations plan to deploy zero-trust models as part of their cloud security strategy over the next two years.
For applications like SAP which are used to execute a variety of transactions, zero trust needs to penetrate much deeper than just the point of access. However, as a role-based application, SAP lacks the granular internal controls that allow/deny access to specific data and transactions. This is where attribute-based access controls, or ABAC, play a crucial role in hardening access to sensitive data and transactions.
ABAC solutions that work alongside SAP’s existing role-based access enable organizations to implement least privilege policies based not only on individual roles but also the context of access. For example, ABAC can be used to mask sensitive data if individuals are logging in from a personal device or an insecure network. Also, high-value transactions can be blocked outside of work hours. Additionally, in-line MFA and click-to-view controls can be implemented on specific fields to log access and create alerts.
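The context rules described above (masking on a personal device or insecure network, blocking high-value transactions outside work hours, and logged click-to-view behind in-line MFA) can be sketched as a policy layer that runs after the role check. This is an added example, not code from the article, Pathlock or SAP; the role names, field names, work-hours window and amount threshold are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Context:
    """Attributes of one request; every attribute name here is hypothetical."""
    roles: frozenset          # roles granted by the existing role-based layer
    managed_device: bool      # False means a personal device
    trusted_network: bool     # False means an insecure network
    local_time: time          # time of the request at the user's site
    mfa_passed: bool = False  # in-line MFA completed for this request

WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed work hours
HIGH_VALUE_LIMIT = 100_000                      # assumed amount threshold
SENSITIVE_FIELDS = {"bank_account", "tax_id"}   # constructed field names

def view_field(ctx, required_role, field, value, audit):
    """Return the clear value, a masked value, or None (denied) for one read."""
    if required_role not in ctx.roles:          # the role check stays the first gate
        return None
    if field not in SENSITIVE_FIELDS:
        return value
    if not (ctx.managed_device and ctx.trusted_network):
        audit.append(("masked", field))         # context fails: mask, do not deny
        return "*" * len(value)
    if not ctx.mfa_passed:                      # click-to-view needs step-up MFA
        audit.append(("mfa_required", field))
        return "*" * len(value)
    audit.append(("viewed", field))             # every clear-text view is logged
    return value

def run_transaction(ctx, required_role, amount, audit):
    """Return 'allow' or 'deny' for a transaction of the given amount."""
    if required_role not in ctx.roles:
        return "deny"
    in_hours = WORK_START <= ctx.local_time < WORK_END
    if amount >= HIGH_VALUE_LIMIT and not in_hours:
        audit.append(("blocked_after_hours", amount))
        return "deny"
    return "allow"
```

The same role yields different outcomes depending on context, and the audit list is the record that would feed alerting.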
SAP Cloud Security with Pathlock
Pathlock offers a range of modules that address security, risk, and compliance challenges faced by SAP customers. We provide a single platform to unify access governance, automate audit and compliance processes, and fortify application security. While the Vulnerability Management module identifies and prioritizes missing patches, our Code Scanning module scans ABAP code in production and development to identify weaknesses and improve your coding practices. Additionally, Pathlock’s Data Masking module enables you to mask data across applications and implement granular controls within your SAP applications using a single interface.
Get in touch with our SAP security experts to find out how we can secure your SAP cloud applications.