​












Insecure SAP systems at risk with more employees working from home
​
It is virtually impossible to escape hearing about the Corona-virus – not only in media coverage, but also in our suddenly adapting workplace practices. Some companies – Google for example – have ordered their employees to work from home for the foreseeable future. This cautionary approach may well have repercussions. For example a potential impact on the security of SAP systems. There are several reasons why this might happen, giving attackers an opportunistic window to search for vulnerabilities and obtain valuable data.


Firstly, there will likely be many workers who are now newly working from home, in order to curtail the virus. Naturally, corporate IT does not have as much control over the home network than they do in the office. This opens up a potential for vulnerabilities. One example is smart home devices, or Internet of Things (IoT) devices. As we know, most devices in the IoT, especially in the smart home sector, are very insecure. 
Realistically, most IT departments these days will have addressed and taken preventative action against most threats: the endpoint, i.e. the employee's laptop or computer, will have the latest Anti-Virus programs, firewalls, and the connection to the corporate network will likely be established over VPN. This should cover most of the threats that could originate from infected devices in a home network.

The same may not be true, however, for SAP systems, which are still not sufficiently hardened in many implementations. For example Secure Network Communications (SNC) encryption technology is provided by SAP free of charge and encrypts both the connections between SAP systems, and between an SAP client and the SAP system. SNC, however, is not always used, in other words: the communication between an employee’s laptop and the SAP system is often not encrypted, everything can be read in plain text. Capturing this traffic is easy for an experienced hacker. These exploit vulnerabilities which, if the SAP system is not sufficiently secured – are more likely to occur in an unprotected network than within corporate boundaries.

Coming back to the relationship with Covid-19. More employees working from home means a bigger attack surface for hackers. But what can you do about it? The most crucial measures are quite simple:

• Scan your SAP landscape for vulnerabilities. SAP has thousands of security relevant settings, and that does not even account for all roles and authorizations which could potentially lead to data breaches or a compromised system. 
  
  
• Constantly monitor your SAP system for threats. In order to successfully protect your systems and quickly react to potential attacks, you will need to know what’s happening when it’s actually happening. This can only be achieved if you continuously monitor your SAP systems for any anomalies and filter those to detect threats. Ideally, this monitoring should integrate into your existing security landscape, such as a SIEM solution through our partners at Symmetry.
  ​

In order to ensure that your SAP landscape is as secure as if it were business as usual, we strongly recommend you secure your SAP systems by implementing these measures, and more. 

High Peaks Consulting can provide assistance to help you navigate these challenging times. We are able to analyse your SAP Security fabric and identify weaknesses that can be addressed to ensure your company is prepared for the new reality we find ourselves in. Having a clean and compliant system will allow your security team to focus on tackling oncoming threats instead of reacting to existing ones, keeping you agile and realizing the true cost savings of a secure environment.

Check out some of our relevant security services below

Role Design Services
License Audit Services
Vulnerability Assessment
Security Compliance
Single Sign On

High Peaks Consulting today announced that it is now a partner in the SAP® PartnerEdge® open ecosystem. As an SAP partner, High Peaks Consulting now has access to additional resources that allow the company to build, sell, and service SAP solutions.

“By joining the SAP® PartnerEdge® program, High Peaks Consulting now has the capability to deliver a more complete set of services to our clients. This will allow our team to better manage SAP engagements, streamline our client’s journey to S/4 HANA, simplify their digital platform, and maximize solution adoption throughout the enterprise.” – Greg Boyle President / CEO High Peaks Consulting Inc.

High Peaks Consulting intends to grow its SAP practice by partnering with enterprises of all sizes to help them secure their SAP environments, allowing them to realize the true ROI of a clean and compliant environment. Leveraging the SAP® PartnerEdge® program, High Peaks Consulting will focus on developing packaged solutions in concert with our existing partners that not only further our ability to provide secure and compliant systems, but to help companies become business ready for S/4 HANA.

About High Peaks Consulting Inc.

High Peaks Consulting Inc. is an Ottawa, Canada and Orlando, Florida based professional services consulting firm with a focus on Architecting SAP Security Solution with expertise in SAP's GRC Suite of Products, and Certified in Partner Solutions such as Symmetry's CPGRC tools, Single Sign On, Upgrade roadmaps and implementation paths to S/4 HANA and Merger/Acquisition support. Our goal is to deliver secure and compliant SAP environments that allow our clients to realize the true ROI of a clean SAP ecosystem, while lowering their TCO in the process.
​
Learn more about High Peaks Consulting and our services, visit our website: https://www.highpeaksconsulting.ca