More than two thirds (68 percent) of SAP users believe their organisations put insufficient focus on IT security during previous SAP implementations, while 53 percent indicated that it is ‘very common’ for SAP security flaws to be uncovered during the audit process. These are key findings of the SAP Security Research Report by risk management consultancy Turnkey Consulting.
The research also uncovered that most respondents were not fully equipped to manage risk. A fifth (20 percent) felt most businesses did not have the skills and tools to effectively secure their SAP applications and environment, with 64 percent saying they only had some skills and tools. Looking at specific concerns, nine out of ten (93 percent) people thought it was likely that an SAP audit would flag access management issues.
Privileged or emergency access was also a major concern with 86 percent believing it was common or very common to have audit findings specifically related to it.
However, the research also showed a growing awareness of the security challenges faced by today’s enterprise, with the adoption of ‘security by design’ regarded as a solution. 74 percent expect IT security to take greater priority in future SAP deployments, with 89 percent agreeing that security specialists should be brought on board to support their S/4 Hana transformation programs.
Building in security from the start is crucial
Richard Hunt, managing director at Turnkey Consulting, said: “The findings of this survey mirror our day-to-day experiences; SAP security is often an afterthought on SAP deployments, with the result that not enough time and resource is allocated to the essential security activities that need to take place throughout the project.”
“However it is encouraging to see that boardroom awareness is growing as the general business environment becomes increasingly focused on compliance, data protection and cyber security. This understanding will drive organisations to take the critical step of designing security into implementations from day one.”
Turnkey undertook its inaugural SAP research to determine organisations’ preparedness as the SAP landscape undergoes a time of transition and the deadline to adopt S/4 Hana approaches. SAP ERP offers extensive user benefits in terms of increased interconnectivity and mobility, but risks leaving SAP applications and infrastructure open to exploitation.
Hunt concludes: “Rolling out S/4 Hana requires significant investment and organisational commitment. This reinforces why building in security from the start is vital if remediation, which is costly from both a financial perspective as well as in terms of business disruption, is to be avoided further down the line.”