SAP access security agility [shutterstock: 778654396, LuckyStep]
[shutterstock: 778654396, LuckyStep]
Blog Security

4 Lessons From 2020 To Keep Your Company And SAP Access Secure

What has this crisis taught us thus far? Here are four lessons on security and SAP systems that 2020 can teach companies.

Through the first half of 2020, business leaders and companies, as well as all people, have been questioning the notion of normal. What is it? What will it be now? Will things ever be the same?

As with past global crises, such as the recession of 2008, 9/11 and others, life, business and the economy generally returned to their former robust states, and sometimes even better through the lessons such events taught us. We learned how to resume business as usual while also staying better protected.

What has this particular crisis taught us thus far?

Agility is key

The unexpected happens. Economies and business outlooks change. Companies and revenues expand and shrink based on a multitude of variables and market fluctuations. If we aren’t prepared to manage change, change will manage us. The reality is that there is no long-lasting normal – ever. Everything is always in some degree of flux and always will be. How we adapt is what matters.

With the most recent stay-at-home predicament, companies had to shift quickly and enable virtual work for millions of global employees. This situation brought security even more to the forefront as external cases of fraud, phishing schemes and security breaches escalated with internal risks increasing right along with them. At the same time and with unemployment soaring, the likelihood of furloughing security, IT, audit and compliance employees became a real concern. With fewer people and less ability to monitor risk and security and more fraudulent activity on the rise, companies have faced a perfect storm.

Businesses need to be prepared for any catastrophe as part of their crisis planning, and as we have discovered, that can mean moving an entire workforce to remote settings in which workers cannot be watched or monitored physically for weeks, months or longer. The capability to monitor employee activity, especially in critical business systems, is no longer a nice-to-have. It’s a must. Companies have to be agile enough to monitor employees from anywhere.

Cloud technology wins the day

Companies large and small have fared better if they were already using cloud technology for most of their business systems. It’s simple enough. Cloud solutions enable employees to access them and work from any location, and most cloud technologies have better security measures that vendors can afford but individual companies with their own servers and hardware may not be able to fund.

As far as security tools for internal risks, cloud applications can provide greater ability to monitor remote employees than a manual approach that can’t be done with employees outside of offices or with off-premises tools. A good example is access control and Segregation of Duties (SoD) solutions for SAP. Risk analysis on hundreds or thousands of employees is a primary means of catching access risks. Additionally, having a way to provision and de-provision access remotely becomes a priority. Consider the back and forth efforts to manage the latter when not in a brick-and-mortar office or when trying to track those tasks on paper or with systems that are not as efficient as cloud products.

Cloud access controls also result in product updates taking place no matter where security teams work. Such solution updates don’t necessitate access to an on-premise server or require company administrative staff to manage them. Business keeps moving without disruption.

Companies can’t let their guards down

In a period when experts tell us that internal fraud tends to proliferate because employees face employment uncertainty, more financial burdens, less in-person oversight and general fear about the future, companies have to be even more vigilant when it comes to security. It is not a time to consider cutting security, especially internal security or access controls. The reverse is true; businesses should find a way to maintain high levels of security, deploy new systems if they are lacking such tools and move as many systems to the cloud.

Cut costs, not security

All organizations are seeking more cost-effective ways of running their business. A more cost-savings way of managing security and controls is to adopt cloud technology that removes implementation, maintenance, upgrade and consultant costs. In our current climate, this is an opportunistic time to review what tools can be moved to the cloud and without a negative impact on budgets.

Implementing cloud access controls that can be up and running in hours or days, not months, is ideal. With such systems, administrators of these solutions don’t need to be on-site in an office. They can be anywhere – their home office, a sofa, the kitchen table, or wherever their workplace is.

Cutting security or not having agile security solutions only creates more risk for a company, which could ultimately cost exponentially more than investing in protective products themselves.

The future face of normal is still unknown. All futures really are, but you can be adaptable, prepared and ready to keep your business running safely and securely no matter what the future looks like or where your workforce accesses your systems.

Source:
ERP Maestro

About the author

Jody Paterson, ERP Maestro

Jody is a trusted advisor and cybersecurity thought leader who is a Certified Information Security Specialist (CISSP), a Certified Information Security Auditor (CISA), former director at KPMG, and founder of ERP Maestro.

Add Comment

Click here to post a comment

Sign up for e3zine´s biweekly newsbites

Please do not use administrative mail adresses like "noreply@..", "admin@.." or similar as these may get blocked for security reasons.

We use rapidmail for dispatching our newsletter. By signing up, you agree that the data you have entered will be transmitted to rapidmail. Please take note of their terms and conditions and privacy policy.termsandconditions.

Our Authors