Layer Seven Security

Securing Your Business: Security at SAP

In an open letter addressed to SAP customers earlier this year, SAP CEO Bill McDermott acknowledges the “tremendous concern around information security” given the “relentless and multiplying” threat presented by increasingly sophisticated attackers. The letter introduces the SAP paper Securing Your Business that discusses security trends and outlines SAP’s response to cyber threats.

According to the paper, cyber threats are driven by the growth in the volume of enterprise data, the growing value of data, the increasing connectivity and vulnerability of endpoints, and the commercialization of attacks.

The paper also discusses weaknesses in traditional security technologies such as firewalls and intrusion detection systems that are routinely bypassed by advanced and often encrypted exploits. The paper recognizes that attackers target enterprises systems such as SAP given the extensive and valuable data stored and processed by such systems.

The paper concludes by presenting SAP’s portfolio of products for preventing, detecting and responding to security breaches.  This includes Enterprise Threat Detection (ETD), Governance, Risk and Compliance (GRC) and Code Vulnerability Analysis.  The paper also cites services and tools available in SAP Solution Manager including SOS and System Recommendations.

Other important areas for security in SAP Solution Manager include Configuration Validation (ConVal). ConVal performs daily, automated scans for hundreds of vulnerabilities in SAP systems and is therefore an important preventative tool for responding to cyber threats. Furthermore, areas such as the monitoring and alerting infrastructure of SAP Solution Manager monitor SAP logs for signs of malicious attacks and generate alerts to warn responders of potential security breaches. Finally, tools such as Usage Procedure Logging, Solution Documentation and Business Process Change Analyzer (BPCA) identify application and functional areas impacted by Security Notes to increase the speed of response for SAP patches.

In contrast to many of the products outlined in the paper, SAP Solution Manager is installed in most SAP landscapes and therefore does not require any additional licensing. Contact Layer Seven Security to discuss how to implement advanced security monitoring and respond to cyber threats by optimizing your SAP Solution Manager.

Cybercrime Projected to Reach $2 Trillion by 2019

According to a recent study from Juniper Research, the worldwide cost of data breaches will exceed $2 trillion by 2019. This is equivalent to 2.2% of forecast global GDP and represents a four-fold increase upon data breach costs in 2015. The average cost of data breaches will also increase to $150 million or 25 times the current average of $6 million.

data-breach-costs-2015-2020

Data breaches are expected to not only intensify in terms of their impact, but also grow more prolific. Globally, there were 6,000 breaches in 2015. This is expected to reach 16,000 by 2020. The increase will be due in part to the growing attack surface caused by the growth in enterprise data. According to IDC, total worldwide enterprise storage capacity will be 521,000 petabytes in 2020.

projected-volume-of-data-breaches-2015-2020

Presently, approximately 60 percent of data breaches occur in the United States. The proportion is expected to fall to 50 percent by 2020 with the growing digitization of the rest of the world.

Despite the growth in mobile communications and IoT (Internet of Things), the majority of breaches are expected to arise from the exploitation of vulnerabilities in existing IT and network infrastructure rather new and emerging technologies.

The full report is available at Juniper Research. The report provides an in-depth analysis of the current and future threat landscape including sector-by-sector trends and forecasts.