SAP systems are among the most secure on the planet. Despite this, recent integrations between SAP and other systems have created weaknesses at the points where they connect. Preventing these risks and designing strategies to mitigate potential damage has become a fundamental task.
One of the most recommended tactics is the application of zero trust systems. In this ZTalent blog post we discuss them and the advantages they can bring to the security of our SAP systems.
Zero trust systems: what they are
Microsoft defines them by the assumption that security breaches exist. The basis of zero trust systems is to check every request as if it originated in an open network. Regardless of where the request comes from or which resources it accesses, zero trust systems teach you to always distrust and always check.
In this way, every access request goes through a complete authentication, authorization and encryption process before access is granted. The access principles of micro-segmentation and least privilege are applied to minimize lateral movement. Sophisticated analytics and intelligence are used to detect anomalies and respond to them in real time.
In summary, zero trust systems operate on the premise that no user can be trusted until validated. This means that even accounts on managed devices need further authentication and validation before the system will trust them.
Why implement zero trust systems in SAP?
Interconnection has historically been difficult to achieve. For connections between SAP and other systems, no matter how much security the company introduces, there will always be vulnerabilities to fix. From an administration point of view, the only way to ensure enterprise-wide security is through zero trust systems.
The most pervasive problem, according to SAP expert Maya Chowdhury, is the combination of on-premises systems with cloud processing systems. Cloud security uses a different level of access permissions than on-premises security. In many cases, a company running an on-premises SAP solution may consider migrating to the cloud only to realize that all of its cybersecurity permissions may have to change. The system is strained further by integrations between SAP and other systems, as these can create chinks in a company’s cybersecurity armor that can be exploited. Zero trust systems are one way to address this.
Validation, the main advantage of zero trust systems
Cybersecurity experts agree that most enterprise security breaches are rooted in the theft of user data. Credential compromise can happen to anyone, but sometimes the security team doesn’t realize the credentials have been compromised until many months after the fact.
Some companies address this with timed password changes, where a user’s password automatically expires after a set amount of time. However, given the speed of today’s systems, by then it is too late to prevent data theft or the installation of malware. Most of the time, the compromised user may have loggers installed on their system that allow a malicious user to obtain the new password as it is changed, defeating the scheme.
Zero trust systems address this problem at its core. Since no user can be trusted, all validation must be performed multiple times. Having the correct password and authentication data does not by itself make a user trustworthy. In these systems there is a continuous flow of data. Access privileges change depending on the user’s group, and it is much easier to detect malicious activity belonging to a particular account. Dynamic security permissions are a crucial characteristic of these systems, as it is tedious to apply group permissions manually to every subset of a growing system.
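The per-request check described above (require encryption, authenticate, re-validate instead of trusting a correct password, then authorize under least privilege within a segment), sketched as an added Python example that is not part of the original post. The role names, segments, resources and the 15-minute re-validation window are assumptions made for illustration, and the sample requests are constructed; the network origin is recorded but deliberately never used in the decision.

```python
from dataclasses import dataclass

# Hypothetical roles, segments, resources and thresholds, constructed for this example.
ROLE_GRANTS = {  # least privilege: role -> allowed (segment, resource, action)
    "ap_clerk": {("finance", "invoices", "read"), ("finance", "invoices", "create")},
    "crm_sync": {("sales", "customers", "read")},
}
MAX_AUTH_AGE_S = 900  # identity must be re-validated at least every 15 minutes

@dataclass
class Request:
    user: str
    role: str
    password_ok: bool
    mfa_ok: bool
    auth_age_s: int        # seconds since the last full validation
    device_compliant: bool
    tls: bool
    source_net: str        # logged only; never grants trust
    segment: str
    resource: str
    action: str

def evaluate(req: Request) -> tuple[bool, str]:
    """Decide a single request; every request is checked from scratch."""
    if not req.tls:
        return False, "unencrypted channel"
    if not (req.password_ok and req.mfa_ok):
        return False, "authentication incomplete"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "validation expired, re-authenticate"
    if not req.device_compliant:
        return False, "device failed posture check"
    if (req.segment, req.resource, req.action) not in ROLE_GRANTS.get(req.role, set()):
        return False, "outside least-privilege grant"
    return True, "granted"

SAMPLE_REQUESTS = [  # constructed sample data
    Request("alice", "ap_clerk", True, True, 120, True, True, "corp-lan", "finance", "invoices", "read"),
    Request("alice", "ap_clerk", True, True, 120, True, True, "internet", "finance", "invoices", "read"),
    Request("bob", "ap_clerk", True, False, 60, True, True, "corp-lan", "finance", "invoices", "read"),
    Request("svc-crm", "crm_sync", True, True, 30, True, True, "corp-lan", "finance", "invoices", "read"),
    Request("carol", "ap_clerk", True, True, 4000, True, True, "corp-lan", "finance", "invoices", "create"),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        ok, why = evaluate(r)
        print(f"{r.user:8} from {r.source_net:9} -> {'ALLOW' if ok else 'DENY'}: {why}")
```

The two requests from alice receive the same decision from the corporate LAN and from the internet, while the integration account and the stale session are refused even though their passwords are correct.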