NTT DATA Business Solutions

Benefit from Quick Implementation of IT Security Best Practices

When it comes to IT security, data protection and compliance, there is no room for compromise. You need a partner you can trust – a partner like NTT DATA Business Solutions.


Cybersecurity and Data Protection Legislation in Safe Hands

IT security was once a specialized area of business, but has become a key focus for enterprises in recent years. Organizations are urgently seeking IT security best practices and security concepts that mitigate risks – both in terms of technology and IT compliance – while tackling company-specific challenges such as risk management.

Digital business transformation is a must in order to be market relevant, competitive and successful. At the same time, the business is challenged by customers' decreasing trust due to increasing digital vulnerability to criminal cyberattacks and insider threats. Therefore, cybersecurity resilience initiatives are essential elements of the digital business transformation process, and complex data security and compliance controls must be supported by intelligent 24/7 automated solutions. Effective cybersecurity resilience demands that both technical and organizational security measures be effectively embedded in the digital business operations.

NTT DATA Business Solutions provides digital security transformation solutions and services based on standardized best practices such as SAP Security Operations Map, ISO 27001 and CIS.

Security Compliance

The “Security Compliance” layer focuses on the security governance and regulations to which the SAP systems have to adhere, e.g. general or IT-specific security policies, audit requirements or emergency plans, as well as cloud security governance. Examples are: SAP Security Baseline, Secure Change Management Policy, Vulnerability Management Policy, Backup and Recovery Policy and Internal Audit Policy.

Secure Operation

“Secure Operation” focuses on the vital security aspects of the daily business use of the systems. User and authorization configurations are essential to demonstrating the “Business Need Only” principle and ensuring only purposeful and intended use of business data.

An Authorization Concept shall guide the design or re-design, implementation and continued maintenance of users, roles and authorizations. Technology-driven design is highly recommended for this complex task and to ensure minimum business impact.

The day-to-day user management lifecycle shall be managed across the system landscape, and compliance with segregation of duties (SoD) risk shall be monitored and maintained. Technology-driven SoD and critical authorization risk management is highly recommended for minimum business impact and effective internal audit.

Authentication verifies the true identity of a claimed user. Single sign-on simplifies the user sign-on process across a multi-system landscape. Support Security shall be defined and implemented to control and securely manage the need for extended access and authorization and to ensure availability and business continuity at times of crisis 24/7. An Emergency Access solution is highly recommended to ensure transparency of extended system access.

Security review and monitoring are critical for detecting and responding to powerful cyberattacks, supporting forensic investigations and meeting data regulation compliance. This security aspect can only be fulfilled effectively through intelligent real-time monitoring automation embedded in the organization's established security monitoring. This is a priority 1 safeguard measure for all SAP-based businesses, allowing them to lead their vulnerability mitigation process based on factual, actual risk. Read about SecurityBridge here.

Secure Setup

What used to be good security practice is no longer necessarily the case. Secure Configuration of the SAP systems shall be based on a formally approved SAP Security Baseline reflecting the current business risk, the business risk appetite and the decided security measures. Security Hardening is the process of ensuring a standardized security configuration across the entire SAP landscape according to the Security Baseline. Security Hardening is strongly recommended for the business to “get-clean” and to “stay-clean” and document its secure operations compliance and demonstrate data protection accountability.

Communication Security deals with the security of communication connections between systems: are proper authentication, authorization, encryption and key management defined in the Security Baseline and established and maintained across the SAP landscape?

Data Security deals with the security of data at rest: change and read access control and logging, purpose-driven encryption of sensitive or all data, and additional protection mechanisms like data masking.

Intelligent real-time monitoring automation is highly recommended to ensure continued security through regular security configuration scans and penetration testing.

Secure Code

Security Maintenance of SAP Code is crucial to the security of the SAP landscape. SAP continuously invests in security and publishes Security Notes on “SAP Security Patch Day”, the second Tuesday of every month. It is strongly recommended to implement an official Vulnerability Management policy and procedure to ensure that all relevant Security Notes are installed on a regular basis. Unpatched systems represent a high-risk vulnerability and must be mitigated. Custom Code Security relies heavily on the ABAP Custom Code Lifecycle Management process: does all code undergo security evaluation? To ensure proper secure code development, it is highly recommended to apply intelligent real-time monitoring automation with code security scanning in order to enable the Security by Design principle.

Infrastructure Security

The “Infrastructure Security” layer focuses on SAP-specific requirements towards the non-SAP technical environment, e.g. network, operating systems, non-SAP databases and clients. A strategic, risk-based information security management approach based on ISO 27001, NIST or similar, including Threat Intelligence solutions such as a SOC (Security Operations Centre), is highly recommended to enable a resilient cyber defense architecture.

IT Security & Compliance – a Matter of Trust

Whether it’s a question of enterprise IT or data center security, defense against cyber attacks or compliance with regulations, today’s businesses require an end-to-end security concept and a trusted partner to provide ongoing support.

Olaf Haag, Head of Process Integration and Architecture Management, NTT DATA Business Solutions AG

Watch Our Recorded Webinar

Webinar Recording
Identifying Key Vulnerabilities in SAP Application Security

Watch this webinar and learn how SecurityBridge can support “ability to execute” by utilizing automation.

Digitization is having a significant impact on data legislation for modern organizations

The Three Biggest Challenges in IT Security

1. Companies Becoming More Connected

Digitalization is turning the isolated IT systems of the past into open systems. These systems include distributed infrastructure comprising cloud software, on-premise solutions, business partner networks and machine-to-machine communication. This openness to the outside world forms the foundation for digital transformation.

However, it also means an increased vulnerability to cyber attacks. It creates some areas of uncertainty about whether data protection legislation is being complied with. In this new climate, the topics of cloud security and IoT security are increasingly pertinent.

Learn about the growing value of data and how to use its potential to develop IT security best practices.

2. Data Growing in Value

Big data forms the backbone of today’s smart, digital business landscape. Data has become the most important resource – and companies share huge volumes of data online with customers and business partners.

This makes companies an attractive target for cyber attacks, which can involve ransomware, industrial espionage and manipulation. To protect against these threats, enterprises, including SMEs, must employ a new kind of risk management.

Discover more about the increasing threat of cyber attacks.

3. Attacks Becoming More Sophisticated

According to figures provided by SAP, as many as 65 percent of companies are now reporting targeted attacks and advanced persistent threats (complex, continuous attacks on critical IT infrastructure and private data).

Professionally coordinated groups have taken over from private hackers, who mainly wanted to put their own abilities to the test. Today, wealthy organizations are able to threaten a company’s entire business infrastructure – and they are not only targeting large corporations.

Complying with the GDPR is immensely important for your business.

How to Comply Successfully with GDPR

The General Data Protection Regulation (GDPR) has had a massive effect on all companies, introducing greater regulation, control, and governance over personal data. What does this mean exactly?

Short and simple: far stricter rules for capturing, storing, processing, and managing data. It’s high time for organizations to put their SAP landscapes in order now, since data breaches result in substantial fines. Are you wondering what impact GDPR has on your company? Our experts give you the answers.


What to Look Out for in Digital Risk Management and Governance, Risk & Compliance (GRC)

Ensure Cybersecurity

When it comes to repelling external attacks and minimizing the damage they cause, basic firewalls are no longer sufficient. Companies today require intrusion detection systems as well as cloud data centers that block unauthorized access – from both physical and online sources.

With the Internet of Things (IoT) and mobile devices, the secure operation of SAP systems is also becoming more complex. As such, it should be left in the hands of experts who are at the forefront of development and can intervene anywhere and at any moment – through managed security services, for example.

Implement a Three-Lines-of-Defense Model

Today, a company’s IT can go from secure to under threat quicker than ever. To maintain control, an enterprise needs a systematic approach for identifying, understanding, analyzing, and evaluating risks.

NTT DATA Business Solutions’ security experts help you implement a three-lines-of-defense model that synchronizes all processes in operative management, risk management and internal audits. This gives you a clear view of risks and means you always know if you are meeting compliance standards.

Benefit from End-to-End Fraud Management

Fraud in business can often be attributed to flaws in the authorization concept or IT infrastructure. With comprehensive fraud management, you are alerted to threats as soon as they arise, allowing you to react quickly and effectively.

This benefits not only your company internally, but your entire network – as business partners increasingly share IT systems that they monitor automatically. This way, you prevent unnecessary financial losses from the outset.

Gain Control of Access and Authorization Management

While identity and role management are well-established topics, their importance to IT security and compliance cannot be overstated. Today, a far greater variety of devices have access to business data – and this gives rise to new challenges.

Companies need the ability to instantly grant and remove access rights to individual systems and data as they see fit. They also have to keep track of an ever-growing workforce. And faced with an increasing number of distributed IT systems, they require single sign-on authentication across all domains.

Guarantee Secure International Trade

Digital platforms are increasingly becoming marketplaces for all kinds of goods and services. Yet, although the web is unrestricted by physical borders, many rules and regulations on international trade still apply – and it can be difficult for an individual to take all of these into account.

Businesses that work with global supply chains must therefore ensure IT compliance – especially where imports and exports are concerned. Reliable solutions and data centers enable the secure transfer of digital goods and data between trade partners.

How to Ensure Digital Security

No single piece of standalone software can guarantee digital security. Instead, it requires infrastructure that permanently monitors your IT systems and automatically captures security-relevant data. At the same time, it calls for experienced specialists to analyze this information, differentiate between critical and non-critical findings, and take necessary security measures.

Olaf Haag, Head of Process Integration and Architecture Management, NTT DATA Business Solutions AG

Learn more about how itelligence can support you in implementing vital cybersecurity measures.

How We Can Support You

At NTT DATA Business Solutions, we combine our expertise in SAP applications with NTT Security’s in-depth knowledge of IT infrastructure. Thanks to our Security Operations Centers and Security Management Services, you can rely on round-the-clock support wherever you are in the world.

New Technology Driving the Transformation of IT Security

Digitalization is now fully underway. More and more businesses are migrating their SAP systems to SAP HANA and adapting their business processes to modern market conditions. Various migration options and best practices facilitate this changeover.

But how does it look from an IT and SAP security perspective? Which measures have to be taken to ensure security within the IoT, SAP Cloud Platform, SAP S/4HANA, SAP Fiori, and SAP Leonardo environment?

These are questions that can be best answered with a competent partner by your side. With our customized solution models, we accompany you through a smooth and successful digital transformation process.

More Useful Insights into IT Security & Compliance

Fact Sheet
Master the Complexity of Real-Time Cyber Security of Your SAP Landscape

Turn your SAP landscape from a "black box" into a "white box" for your security team.

White Paper
Information Security – Join Us on a Journey Without a Destination

Find out more about key security trends, your peers’ point of view as well as SAP’s security strategy and portfolio.

White Paper
Discover SAP’s Standards, Processes, and Guidelines for Protecting Data and Information

How to secure your IT systems and face challenges of digital transformation successfully.

White Paper
How SAP Ensures Security of Its SAP Cloud Platform

Learn more about SAP’s comprehensive approach to security and get to know available security services and their functional capacities.

White Paper
See Why SAP Solution Manager Is the Tool of Choice for SAP Landscapes When It Comes to Security

Learn about building, setting up, and operating secure SAP landscapes, and how SAP Solution Manager supports these tasks.


Speak to Us Today

Are you searching for answers, or would you like to receive more information about IT Security and Compliance? Do you want more detailed advice from our experts or wish to book an IT Security and Compliance workshop?

Just contact us – we will be happy to help.
