How to keep crooks out of your SAP system

At McCoy Managed Services we are aware of the fact that securing your SAP environment today is more important than ever. A recently published report of SAP and Onapsis states that between June 2020 and March 2021 1500 attacks on a SAP environment were registered from which 300 were successful. All attacks could have been prevented when already available patches were applied when released by SAP. And that’s exactly why at McCoy we have several security related services from which the most important ones are part of the standard services we deliver for each customer we are responsible for.

Immediate action on priority 1 issues

First and most important are customer notifications in case of SAP HotNews that contain security leaks or program errors that can cause severe issues on the customer SAP system. Together with the customer an impact analysis and implementation plan is made and the required measures are taken to implement the patch before a malicious attacker can take advantage of it.

Having the processes in place

In addition the most important topics regarding (security) patch management are discussed during the Service Level meetings that we have with our customers every month. The input for this meeting is gathered from the automated Early Watch Report together with the priority 1 and 2 SAP notes from the System Recommendation application that is part of Solution Manager.

Having this procedure in place takes care of all the vulnerabilities mentioned in the report that SAP and Onapsis have published.

Keep your SAP installations up to date

One last topic I want to briefly talk about is that the current state of the SAP system determines the effort it takes to implement high priority patches. That’s why at McCoy we create maintenance plans together with our customers every year to keep the SAP systems, that most of the time are at the heart of the company, stable and secure. The maintenance plans contain detailed actions regarding the maintenance for every SAP asset in the customer landscape.

Curious what the current state of your SAP landscape is and how we can help to make it more secure? Please contact Bas Gijsbers (McCoy Managed Services) or Eric Bigot (McCoy SimplyComply)