Ralf Kempf, Technical Managing Director
The difference that time can make can be profound.
History is a testimony to the fact that the face of cybersecurity has changed completely. From worms and viruses to DDoS, advanced persistent threats (APTs), and insider threats, the rise in the sophistication and impact of cyberattacks has been exponential. And beyond a shadow of a doubt, the war against these cyberattacks is still raging on. “From the past to the present, the increase in cybercrimes has significantly altered the activities in the cybersecurity arena,” begins Ralf Kempf, Technical Managing Director SAST SOLUTIONS, AKQUINET.
In the past, industries remained focused on perimeter security, which is essential, but as time passed and employees started to use mobile devices from anywhere in the world, perimeter walls became blurred. Today, it is the authorization—and not the firewall—which keeps employees from logging in to a corporate bank account. In the present day, companies across industries, including mechanical and plant engineering, insurance, public sector, and logistics, are increasingly deploying ERP systems like Oracle and SAP. If attackers can bypass the perimeter controls, it is a cinch for them to start malicious activities against those systems to steal or manipulate data or cause an unplanned shutdown. Moreover, these ERP systems are no longer monolithic; they are coupled with field services and HR systems in the cloud. But most organizations lack visibility into authorizations, dependencies, and the inherent risks lurking in the complex, connected SAP business systems. Being an early bird, Kempf noticed this pitfall a decade ago while observing the growing challenges posed by cyberattacks on the enterprise perimeter and how these threats evolved to target applications. It became evident that enterprise application security needs a fresh approach. Focused on SAP customers worldwide, Kempf architected AKQUINET’s SAST SOLUTIONS suite to overcome the challenges posed by the broadening cybersecurity threat vector.
The Ideal IT Security Framework
The growing complexity of SAP systems, along with the limited security experience of many SAP users and administrators, often creates security vulnerabilities, making these systems easy targets for espionage, manipulation, misuse of rights, and data theft. Comprehending the countless possibilities of attack—both from inside and outside of the organization—on SAP systems, AKQUINET has crafted numerous ways to protect these systems. As a company that provides IT solutions for data center and managed network services, AKQUINET specializes in holistic security for SAP environments. In fact, the company provides solutions to secure all levels of an SAP system in order to ensure reliable business operations. AKQUINET’s acumen is in being the perfect and experienced partner offering the full range of solutions for SAP customers in the areas of security as well as in governance, risk and compliance (GRC). Rising above the security challenges, the company offers its best-of-breed SAST SUITE of solutions that support an organization’s governance, risk and compliance strategies.
Their consulting offering ranges from risk assessment to systems security to identity and user access management. The company lays a strong security foundation by ensuring platform security through penetration tests and security assessments. The idea is to make security gaps visible so that decision makers can trigger effective measures. Also, being one of the early developers of SAP vulnerability scanners, AKQUINET helps customers scan their SAP environment and analyze the vulnerabilities in the configuration layer, database, and operating system. It also allows them to scrutinize vulnerabilities in the users’ authorization area and run investigations like users’ identity, critical authorization scanning, and segregation of duties (SoD) analysis.
With 20 years of experience in SAP security services and software development, Kempf has in-depth knowledge about the different authorization principles and mechanisms which are unique to the SAP environment. Infusing this know-how, AKQUINET has designed an entire identity management lifecycle for SAP users. Kempf explains that it requires training and operations assistance to handle and instill SAP’s identity management solution in business processes. In fact, role and authorization projects are amongst the most complex projects in any SAP environment. Stepping up to this need, AKQUINET provides detailed services including planning, implementing, and adjusting the identity management system offered by SAP to achieve the best fit in the customer environment. The company can seamlessly couple SAP’s identity management systems with its SAST SOLUTIONS for authorization, SoD scanning and automated role management, which enhances their ability to detect critical authorization settings for every user. Since malicious activities can also arise from within the systems through internal users, AKQUINET’s SAST Security Radar provides real-time security monitoring and suspicious behavior analysis of the users and the system. This information is then fed to Security Information and Event Management (SIEM) systems, which are usually unable to access and process this information from an SAP system.
AKQUINET takes one step at a time to create an apt action plan and thus emerges as the powerhouse of relevant recommendations to secure clients’ systems. Their plans are built upon the recommendations from previous security audits. The company also takes the initiative to help clients resolve identified vulnerabilities in databases and operating systems, as well as SAP web applications.
The Mission of 100 Percent Security
“The big story is, it’s challenging to protect an ERP system with thousands of users,” says Kempf. But AKQUINET has been successfully providing managed security services in tandem with vulnerability scanning, combined with SIEM and attack detection services, round the clock. Many large German and international companies—from automotive to banking sectors—are seamlessly fighting cyberattacks in association with AKQUINET, which is helping them install cross-department and cross-system security monitoring solutions by aggregating relevant information.
Kempf recounts a success story that depicts AKQUINET’s efficiency in helping organizations globally with in-depth enterprise security and SAP know-how and full-featured solutions to establish and upgrade their SAP security.
Takeda, a pharmaceutical company headquartered in Tokyo, deployed SAP systems worldwide with around 4,000 users in 50 countries. At this juncture, Takeda’s twin objectives were to accelerate and simplify its authorization assignment process while deploying a tool that could simultaneously provide vulnerability monitoring to its SAP backend. The client wanted to have uninterrupted transparency in user management, with regular reports about potential security risks or role conflicts to optimize account controls in the future. In essence, data security was the top priority for Takeda. Examining the convenience of use and clear structure of AKQUINET’s SAST SUITE modules, which are also extremely cost-effective, Takeda decided to join hands with AKQUINET. Before the rollout, AKQUINET performed a 360° analysis of the pharmaceutical company’s authorization assignment process to optimize and redesign the solution according to Takeda’s discrete requirements. The upshot was stark in just two months. Takeda achieved a comprehensive workflow that models and simplifies all of its processes through AKQUINET’s solutions.
Under the hood, the new system carried out authorization and SoD analysis, managed user roles and rights with full auditability, and performed authorization checking for super-users and other privileged accounts. Potential security gaps and risks were duly identified, evaluated and forwarded as reports to the relevant business department. Delivering an additional advantage to Takeda, the company incorporated a special feature of deploying its SAST SUITE in Chinese.
AKQUINET emphasizes two approaches to stay relevant and shield customers’ IT environment against the growing cyberthreats. The company is continuously involved in enhancing security knowledge and conducting constant security research in the SAP arena. “A dedicated team ceaselessly analyzes the complex infrastructures of the SAP customers, which incorporates SAP system, and other software deployed in the cloud,” says Kempf. AKQUINET’s cooperation with SAP gives them a whip hand to access the early releases of their software, which allows the company to comprehend their plan for the next 5-10 years. Based upon this advantage, the company is thoroughly improving its software to give organizations the ability to analyze systems in the cloud. This feature is quite essential to analyze the connectivity between systems, because increasing dependencies and interconnections are being established in the cloud. “We help them analyze their new IT environment by appointing specialists and providing applicable software components. We train and guide the customers through our consulting so that they understand the system dependencies and handle their complex security environment better,” asserts Kempf.
As a company that always strives to deliver the best solution for the customers’ evolving security needs, AKQUINET has increased the detection range of its vulnerability and SIEM scanner. Organizations that are involved in the groundwork to migrate to S/4HANA, the next generation ERP from SAP, can bank on AKQUINET as their competent SAP security specialist. By reassessing clients’ current concepts, the company offers an ideal solution for safeguarding their systems and taking the necessary security measures before they initiate their transition. Progressing ahead at full steam, the company is resolved to stay focused on the areas it is currently active in, and at the same time has plans to extend its managed security services by establishing security operating centers in other time zones. “The plan is to provide local security services in the U.S. and Asia Pacific time zones by next year to help organizations with more personal and round the clock monitoring,” informs Kempf.