In previous articles, we have shared details of the robust security we implement at Novis at the architecture level (networks, access, infrastructure, etc.), as well as role and profile security in SAP. (See Our cyber security solutions in SAP cloud operation).
However, this is not enough to stop attackers. SAP solutions handle business-critical information, which makes them a coveted target.
In this article we focus on SAP’s cybersecurity*, and how we are helping our clients prevent malicious actions, such as mass data downloading, credential theft and escalation, or users impersonating others.
In line with the company’s commitment to security, Flavio Fernandes, Novis CISO (Chief Information Security Officer), tells us about its challenges and the new cybersecurity services we are designing.
The products under development, which will be available in the coming weeks, are the following:
Our product focuses on preventing malicious actions, with 24×7 monitoring to detect and stop threats from attackers who are always looking for ways to bypass protection measures.
We are working with our partner (Protect4s) to detect and fix vulnerabilities in SAP code, access ports, etc. We expect that a high percentage of vulnerabilities can be automatically patched by this product.
Led by consultants with solid security experience.
A SOC is a security operations center, staffed by specialists 24×7, that monitors client systems, identifies threats and takes containment actions.
Finally, the new products will be integrated with our Novis Cloud Manager platform, so we will be able to automate different security operations and keep systems aligned with market best practices, thus avoiding human error in daily operations.
The hardening automation applies and maintains the most secure configuration parameters in systems and infrastructure.
The client will also have a user-friendly interface to view the live status of their data security, access, incidents, etc., through integration with the Novis monitoring system.
We designed these services to deliver the following direct benefits to the client:
There are more projects in development, which we will tell you more about later. We are constantly researching and testing new technologies.
The number of clients in many countries with advanced security requirements has led us to develop advanced solutions.
In fact, attacks on any company or institution using SAP are common, and our tools have enabled us to detect all those that affect our clients. In addition, we have conducted several tests upon request, particularly for the financial industry, in which cyber-attacks are simulated, and our response has been successful. We hope that with these new services we will continue to raise the level of security for our clients who require it.
We are also committed to complying with international security standards and have certifications in several recognized standards in the market, such as ISO 27001, PCI-DSS for credit card data protection and SOC2 for the North American market, and are adopting the NIST standards.
At Novis we have specialized knowledge of what it takes to protect, under the highest standards, your SAP solutions against the growing cybersecurity risks to which they are exposed.
We invite you to contact us for more information.
Feedback/discussion with the author Flavio Fernandes, Novis CISO, firstname.lastname@example.org
* Note: Information security focuses on protecting all of an organization’s data, both digital and analog, in all the forms in which it is stored. Cybersecurity focuses specifically on a subset: the protection of digital data. It is the practice of protecting networks, devices, applications, systems and data from cyber threats, to prevent attacks that attempt to access or destroy data, extort money, or disrupt normal business operations.