SAP supply chains need zero trust to reach enterprise cybersecurity


SAP, one of the world’s leading producers of software for the management of business processes, takes an approach to securing supply chains’ tech stacks that relies on SAP Data Custodian, Cloud Identity Access Governance, and the recently launched Enterprise Threat Detection. While these provide the basics of zero trust for SAP-only infrastructure, the bottom line is that they fall short of what enterprises need in diverse supply chain environments.

Taken together, SAP’s Cybersecurity, Protection, and Privacy offerings don’t go far enough to provide a zero-trust-based approach in the heterogeneous cloud infrastructure environments that dominate enterprises’ supply chain tech stacks today. As the most recent NIST Zero Trust Architecture standard states, “assets and workflows moving between enterprise and non-enterprise infrastructure should have a consistent security policy and posture,” yet that’s not possible with the SAP-only cybersecurity components used in supply chains today.

SAP’s latest series of product announcements in cybersecurity, protection, and privacy, as well as identity and access governance, provide baseline zero-trust support levels for SAP-centric environments. Taken together, they don’t go far enough to secure an entire enterprise’s supply chains, however.

SAP Data Custodian is a case in point. It’s possible to secure endpoints, protect threat surfaces, define authentication levels, and organize networks with microsegmentation. The missing factor is a secure endpoint platform that can protect non-SAP SaaS-based business applications and related hardware endpoints distributed across supply chains. SAP Data Custodian doesn’t protect third-party applications or the entire suite of SAP applications, either – that’s still a work in progress.

Until SAP has Data Custodian integrated with every SAP application suite across their supply chain suite, it’s prudent not to bring up zero trust as a unique differentiator for supply chains. It lacks endpoint management that’s able to secure every endpoint and treat every identity as a new security perimeter – which is core to a zero-trust framework capable of securing globally diverse supply chains.

SAP Cloud Identity Access Governance scales well for providing role management, access requests, reviews and analytics, and privileged access management (PAM) with SAP, GRC, and IAM (identity and access management) solutions on the same tech stack. It’s also proven effective in protecting SAP supply chains that are integrating with S/4HANA implementations. However, deviate from an SAP tech stack, and IAM and PAM don’t scale – or, in some cases, can’t protect third-party enterprise applications. To its credit, Cloud Identity Access Governance includes pre-configured policies and rules for access management. However, SAP requires its customers to also buy SAP Access Control to customize workflows and ensure they include endpoints and microsegmentation-based network configurations, which are a core component of any zero-trust framework.

The truth about zero trust with SAP

The goal of the Shared Responsibility Model is to assign responsibility for the security of cloud tech stacks among cloud service providers, infrastructure, and cloud customers. The SAP version of the Shared Responsibility Model shown below illustrates how the company has defined securing the data itself, management of the platform, applications and how they’re accessed, and various configurations as the customers’ responsibility:

SAP Community, RISE with SAP: Shared Security Responsibility for SAP Cloud Services


While SAP provides basic IAM support, it doesn’t defend against the leading cause of security breaches, including privileged credential abuse. Forrester reports that 80% of data breaches are initiated using compromised privileged credentials. According to interviewed CISOs who are evaluating SAP’s zero-trust capabilities, the following vendors are most often included in the comparisons: SailPoint Identity Platform, Oracle Identity Manager, Okta Lifecycle Management, Saviynt Security Manager, IBM Security Verify Governance, Ivanti Identity Director, Microsoft Azure Active Directory and Micro Focus NetIQ Identity Manager. Enterprises often compare these IAM providers on their integration, deployment, service, and support levels, with these factors weighing more on buying decisions than features alone.

SAP’s supply chain offerings lack diversity

SAP’s approach to IAM doesn’t protect privileged-access credentials or protect every endpoint from third-party applications, which is essential for creating a framework for zero-trust security. As the Shared Responsibility Model illustrates, SAP secures services, leaving IAM to customers. While their PAM and IAM applications are useful in all-SAP environments, they don’t reflect how diverse and complex SAP supply chain stacks can be in nearly every enterprise today.

