SAP to double down on cybersecurity strategy

BY AIMEE CHANTHADAVONG, ZDNet

 

 

Having a cybersecurity strategy will be a “driving force” going forward for SAP, according to company CEO Bill McDermott.

 

While no specific details were disclosed during the opening keynote about what approach SAP was going to take, McDermott told journalists at 2016 SAP Sapphire Now in Orlando, Florida that focusing on security has never been more crucial for the firm.

 

“You’re never done on focusing on security, especially cybersecurity. We not only focus on all the 45 years of learning that we’ve had in security in the ERP system, but we do that in multiple geographies and multiple industries, with multiple security techniques…[this] is what has really differentiated SAP,” he said.

 

“We have a security department, we have a head of security, and we’re also making organic investments in continuing to strengthen the focus on security, especially cybesecurity.”

 

Conversely, last December executives dismissed concerns about security flaws in its HANA platform. This was despite a report released in November by Onapsis revealed a total of 21 vulnerabilities — eight of which were deemed critical — existed in the SAP HANA platform including flaws was allowing attackers to remotely control victim machines. The critical flaws discovered in the platform impact all SAP HANA-based applications, including SAP S/4HANA and SAP Cloud solutions running on HANA.

 

Last week Homeland Security issued a warning that hackers were exploiting a security vulnerability in SAP business software — a flaw that dates back to 2010. It affects a number of the company’s most popular business applications, including SAP Enterprise Resource Planning (ERP) and SAP Customer Relationship Management (CRM).

 

The alert warned at least 36 unnamed organisations running misconfigured or outdated software would leave them prone to being hacked.

 

SAP appointed its first chief security officer in February, naming Justin Somaini, a former executive at Box, Yahoo, and Symantec, as the person taking up the role.

 

According to SAP at the time, Somaini will help execute its security strategy for products and early detection.