SAP/ERP systems can provide considerable benefits for medium and large organisations
but they can also introduce significant risk to the security of critical data and resources.
The risk is frequently not acknowledged or managed effectively when SAP/ERP systems
are deployed.
Central to ERP is the commitment of all business function resources and information to a
central ‘resource planning’ platform. Centralising information is essential for sharing data
across the organisation but, should any malicious user gain access, the threat to the
business is much greater.
What is surprising is that information security is not a central consideration in a standard SAP/ERP deployment. Instead, it tends to be treated as an afterthought. The result is that network security is inflexible or ineffective, leaving corporate data and assets vulnerable to attack. Holes in the network perimeter via ‘backdoor’ access routes are not closed off, internal security risks are overlooked, and usernames and passwords are passed unencrypted. Where attempts are made to provide security, users face inflexible procedures that make SAP applications difficult to use and the user less productive.
Information security and SAP/ERP
ERP systems are typically complex and involve significant organisational and
operational change. Business teams focus on managing the programme of
implementation and delivering results from the SAP/ERP system. The need for an
effective information security solution to support and protect the SAP/ERP system is not a primary consideration.
Standard practice for SAP/ERP implementation does not look at information security for the SAP/ERP system as a whole. Instead, existing network defences may be considered sufficient, or additional security measures are added on as each software module is implemented.
- The threat from inside the organisation
- Traditional security measures restrict productivity
- Security of login details
- The threat from outside
- Added costs for the business

