Boost SAP Security With Zero Trust


How can your organization improve its Systems Applications and Products (SAP) risk posture? Aligning with the key principles of zero trust through tangible and specific measures is one way.


To begin, let’s define the principles of zero trust. We’ve all seen the types and breadth of zero trust out there. Which are most relevant to SAP?


Three Principles of Zero Trust


| Principles | Focused Concepts |
| --- | --- |
| Implement Least Privilege – Provide minimum required entitlements, roles and authorizations to reduce the attack surface | Access management, privileged access management, segregation of duties and access risks |
| Assume a Breach – Proactive and real-time security operations under the assumption that systems have been breached | System hardening, threat and vulnerability management, audit logging and forensics |
| Never Trust, Always Verify – Continuous verification of identity instead of reliance on single point-in-time authentication | Identity, authentication and single sign-on |

The overall objective of zero trust is to reduce the attack surface. It assumes trust is a form of risk and cannot be completely removed from a business. A zero trust framework provides a baseline from which an organization can identify and use the right access controls, risk management and authentication protocols to empower the business.


The Principle of Least Privilege


Anyone familiar with SAP roles and authorizations knows the SAP security structure is complex. Limiting access to only the required, authorized business and IT activities can be daunting, especially if you manage it manually. Best practices for least privilege focus on appropriate access controls. Most organizations, but not all, have some sort of governance, risk and compliance tooling to support access risk analysis for SAP applications.


When attempting to address access risks, organizations must have an exhaustive map of risks f ..
