English | Deutsch | Español

What the Internet of Things means for SAP® security

March 20, 2018 | From Virtual Forge GmbH

businessman hand showing Internet security word on book online business as concept.jpegLast week, a partnership between Deutsche Telekom and SAP® was announced to place greater emphasis on the Internet of Things - an important milestone for the adaptation of Industry 4.0. However, the increasing number of "connected" machines and devices brings up another topic: interface security.

Originally, SAP® systems were monolithic, with few interfaces to the outside world. This has changed fundamentally over the years. So fundamental that most customers hardly have an overview anymore of which and above all how many interfaces exist at all. For example: in one of our projects, those responsible for an HR system were asked to estimate the number of interfaces. The responsible persons estimated that number to amount to about 14 interfaces. An inventory, quickly revealed that 60 interfaces was closer to the reality - topics such as file folders on operating system level or the SAP GUI, which can also be seen as an interface, were not even considered.

From the perspective of a security officer, this is bad news: Interfaces that are not known are difficult to secure. With the Internet of Things, this problem is multiplied on two levels.

On the one hand, the devices themselves must be taken into account. Of course it is to be welcomed if the maintenance or repair status of a machine can be sent proactively to a central system in order to be able to react in time. On the other hand, any additional system connected to the Internet increases the attack vector for cyber attacks. And forced by the rapid transformation that IoT already demands from manufacturers, many devices are inadequate or - unfortunately - not at all protected against attacks.

Second, every connected device must be connected to other systems, including SAP systems, in order to leverage the efficiency of IoT at all. The result is a multiplication of interfaces, which in turn need to be inventoried, secured and monitored. The fact that many device manufacturers rely on cloud solutions to connect their devices to the Internet merely shifts the problem, but does not solve it.

In order to solve the problems associated with IoT and Industry 4.0, new approaches are needed. With the Interface Profiler, part of the Virtual Forge Security Suite, we offer you a tailor-made solution for inventorying, securing and monitoring interfaces. Get to know our innovative interface security solution today.