Security Not a Priority for SAP Projects, Users Report

A vast majority (68.8%) of SAP users believe their business placed inadequate focus on IT security during SAP implementations, researchers report in a new study on SAP security. More than half (53.4%) said it was "very common" to find SAP security flaws in the audit process. 

Turnkey Consulting researchers polled more than 100 SAP customers, all of whom were at the managerial level or above, across the UK, Europe, Asia, and the US. Their goal was to learn the cost and effects of SAP security remediation; to do this, they asked about participants' current security position, perceived costs to fix it, and plans for security in future SAP implementations.

Respondents expect SAP audit findings for at least 80% of companies, indicating a broad belief that auditors will focus on SAP as a business-critical system. But they are not confident in their SAP environments: one-fifth of SAP customers don't have the skills and tools to effectively protect their SAP applications and environments; 64.5% said they have "some" skills and tools.

Taking a closer look at specific areas of concern, 93.2% believe it's likely an SAP audit would reveal access management problems. Most (86.4%) think it's "common" or "very common" to have audit findings related to privileged or emergency access. This may indicate a broad lack of effective controls for privileged access management, or low confidence in current controls.

Overall, it seems these concerns are driving a stronger focus on security. Nearly 75% of respondents anticipate IT security will be a higher priority in future SAP deployments; 89.6% say security specialists should be recruited to support SAP S/4 HANA transformation initiatives.

Read the full report here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?"