Insecure SAP systems at risk with more employees working from home
It is virtually impossible to escape hearing about the Corona-virus – not only in media coverage, but also in our suddenly adapting workplace practices. Some companies – Google for example – have ordered their employees to work from home for the foreseeable future. This cautionary approach may well have repercussions. For example a potential impact on the security of SAP systems. There are several reasons why this might happen, giving attackers an opportunistic window to search for vulnerabilities and obtain valuable data.
Firstly, there will likely be many workers who are now newly working from home, in order to curtail the virus. Naturally, corporate IT does not have as much control over the home network than they do in the office. This opens up a potential for vulnerabilities. One example is smart home devices, or Internet of Things (IoT) devices. As we know, most devices in the IoT, especially in the smart home sector, are very insecure.
Realistically, most IT departments these days will have addressed and taken preventative action against most threats: the endpoint, i.e. the employee's laptop or computer, will have the latest Anti-Virus programs, firewalls, and the connection to the corporate network will likely be established over VPN. This should cover most of the threats that could originate from infected devices in a home network.
The same may not be true, however, for SAP systems, which are still not sufficiently hardened in many implementations. For example Secure Network Communications (SNC) encryption technology is provided by SAP free of charge and encrypts both the connections between SAP systems, and between an SAP client and the SAP system. SNC, however, is not always used, in other words: the communication between an employee’s laptop and the SAP system is often not encrypted, everything can be read in plain text. Capturing this traffic is easy for an experienced hacker. These exploit vulnerabilities which, if the SAP system is not sufficiently secured – are more likely to occur in an unprotected network than within corporate boundaries.
Coming back to the relationship with Covid-19. More employees working from home means a bigger attack surface for hackers. But what can you do about it? The most crucial measures are quite simple:
High Peaks Consulting can provide assistance to help you navigate these challenging times. We are able to analyse your SAP Security fabric and identify weaknesses that can be addressed to ensure your company is prepared for the new reality we find ourselves in. Having a clean and compliant system will allow your security team to focus on tackling oncoming threats instead of reacting to existing ones, keeping you agile and realizing the true cost savings of a secure environment.
Check out some of our relevant security services below
Role Design Services
License Audit Services
Single Sign On
High Peaks Consulting today announced that it is now a partner in the SAP® PartnerEdge® open ecosystem. As an SAP partner, High Peaks Consulting now has access to additional resources that allow the company to build, sell, and service SAP solutions.
“By joining the SAP® PartnerEdge® program, High Peaks Consulting now has the capability to deliver a more complete set of services to our clients. This will allow our team to better manage SAP engagements, streamline our client’s journey to S/4 HANA, simplify their digital platform, and maximize solution adoption throughout the enterprise.” – Greg Boyle President / CEO High Peaks Consulting Inc.
High Peaks Consulting intends to grow its SAP practice by partnering with enterprises of all sizes to help them secure their SAP environments, allowing them to realize the true ROI of a clean and compliant environment. Leveraging the SAP® PartnerEdge® program, High Peaks Consulting will focus on developing packaged solutions in concert with our existing partners that not only further our ability to provide secure and compliant systems, but to help companies become business ready for S/4 HANA.
About High Peaks Consulting Inc.
High Peaks Consulting Inc. is an Ottawa, Canada and Orlando, Florida based professional services consulting firm with a focus on Architecting SAP Security Solution with expertise in SAP's GRC Suite of Products, and Certified in Partner Solutions such as Symmetry's CPGRC tools, Single Sign On, Upgrade roadmaps and implementation paths to S/4 HANA and Merger/Acquisition support. Our goal is to deliver secure and compliant SAP environments that allow our clients to realize the true ROI of a clean SAP ecosystem, while lowering their TCO in the process.
Learn more about High Peaks Consulting and our services, visit our website: https://www.highpeaksconsulting.ca
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Please see http://www.sap.com/trademark for additional trademark information and notices. All other product and service names mentioned are the trademarks of their respective companies.
We are pleased to announce that High Peaks Consulting has entered in to a consulting partnership with Docker to support our efforts to optimize our customers’ results in 2018 and beyond. The High Peaks Consulting organization strives daily to improve both the quality and variety of the products and services that we provide.
Our consulting partnership with Docker is another example of our commitment to improve the quality of our professional service offerings to compliment our enterprise-grade consulting partnership with Amazon Web Services.
Docker is the leader in the containerization market, combining an enterprise-grade container platform with world-class services to give developers and IT alike the freedom to build, manage and secure applications without the fear of technology or infrastructure lock-in.