What you need to know about SAP Security

Posted on June 2020 By Speller International
Sap Security The Future

SAP Security consultants will be aware that there is a lack of jobs in the Security space and has been for a while now. It’s a concern when you have dedicated your life to one area of SAP and suddenly must re-evaluate.

So, what does this mean for SAP Security roles? We speak with seasoned Security expert Tofique Tambawala to get his perspective on the situation.

Why do you think SAP Security is not at the forefront of SAP technology now?

Traditionally, Security (in IT) has always been a downstream domain for businesses, and in the SAP world, it is no different. This makes sense in most cases as businesses in general prioritise 'functionality' and 'usability'.

The problem arises when the 3rd end of the triangle i.e. 'Security' is neglected or is thought about too late in the journey. It is a delicate balance of the 3 ends of the triangle.

What security risks do SAP companies currently face?

In my view, companies face a key problem of not having a view of the risks they have and not being able to adapt to changes due to poor and complex security design. There is less problem solving and more firefighting due to under-estimation of the security effort.

Unchecked users with elevated or sensitive access is a risk that could result in an internal financial breach/fraud and also negatively impact the company's goodwill. There is also the risk of non-compliance with legal implications and fines. All of these culminates in security eventually becoming a showstopper instead of an enabler.

Where do you see SAP Security heading? (i.e. developments in technology, the way technology is used)

SAP Security has always been operating in its own isolated manner. In my view, businesses would now like a more integrated approach as we move towards a multi-application approach.

This comprises of several different solutions (that are more specialised in their areas) with a mix of cloud and on-premise hosting. Hence the SAP Security space is evolving into a more holistic security world. This, in my view, is a unique and difficult skill to find.

What upskilling do you think SAP Security consultants should consider?

In my humble opinion, a more general security skillset is the way to go. Understanding the bigger picture and the overall security setup of an organisation, understanding of the real business risks and how they translate in the SAP world.

A good grasp of the new technologies also (like Robotics Process Automation and IoT) will be important and will impact the way we do security in SAP and the innovative solutions we need to come up with.

Another key skill will be the ability to communicate in a non-technical language to get business buy-in, along with a change in the mindset of 'Security being a business enabler.'

Do you see opportunities for SAP Security Consultants coming up in the future? If so, in what areas?

The short answer is, yes. Opportunities will come in different areas. Businesses that use traditional and manual processes will need day to day BAU and maintenance of the existing SAP Security system. Businesses that are more complex, have more automation, and have implemented an integrated solution.

The kind of consultant here would have a more holistic approach where broader skills will be necessary to work across the whole enterprise. In my view, the latter will have more opportunities and add more value to businesses over time.

Thank you to Tofique for his time and thoughts on this subject. If you would like to connect with Tofique, you can via his LinkedIn page.
Tofique Tambawala (S4HANA, GRC, FIORI, Cloud, IDM) | AWS | Cyber Security

Range { "anchorKey": "62", "anchorOffset": 0, "focusKey": "62", "focusOffset": 0, "isBackward": true, "isFocused": true, "marks": null, "isAtomic": false }

So, what has Speller International experienced in regards to SAP Security requirements?

The risk of security breaches and other cyber catastrophe’s is an ongoing concern, yet the way companies look at Security for their various applications and business processes in their enterprise has to be the key to identifying the need for the right kind of Security Consultant.

The good news is, though not as in demand as in the past, there will always be a need for SAP Security Consultants, but a more ‘fully rounded’ consultant with broader skills.

Many aspects of a Security Consultant need to be considered when looking at the future of Security. A focus on business processes, an enterprise view of Security and taking into account, not only the functionality, but looking at the bigger picture.

If you have any questions about SAP Security or would like to know more about SAP and the Speller Team, please follow us on LinkedIn.