Three initiatives to secure digital transformation projects

Digital transformation projects are at the forefront of SAP customers’ minds. But digital transformation projects that fail to go to plan can be extremely costly. Users often face challenges when it comes to migrating custom code applications to S/4HANA with Rise with SAP.

JP Perez-Etchegoyen, CTO of Onapsis, explored how organizations can plan for these migration projects. Perez-Etchegoyen said project failures will cost an average of more than $4m and as a result of not considering security, projects are “spiking in cost.’

There are three initiatives that can help organizations dodge this obstacle, according to Perez-Etchegoyen. The first is a comprehensive risk assessment to identify vulnerabilities and risks in the project.

He said: “In most organizations, they have a lot of history – years and years, with mergers, acquisitions and so on. These different factors will lead to complex environments. Being able to identify security issues in those environments that you want to migrate or convert – that’s the starting point.”

Vulnerabilities in the custom code, such as SAP environments, can contain anywhere between two to a hundred million lines of code.

That code may have quality issues, maintainability issues, security issues and code that is not being used. Identifying these factors early on is crucial in aiding decisions to help digital transformations and cloud migration projects.

Robust cybersecurity is another initiative highlighted by Perez-Etchegoyen. He says that any cybersecurity framework can be used but that users will come to see the need for encryption, strong authentication and things like penetration testing and continuous monitoring.

He said: “Many different aspects of security are typically detailed in cybersecurity frameworks. Implementing a strong one as part of that project is going to help you identify those controls, quality gates and places where you need to strengthen security.”

And thirdly in the top three is employee training and awareness. The human factor is very important in security because the human link is typically the weakest, he says. That’s the one that cyber threats will tend to target first through different ways such as phishing -this makes employee training crucial.

“We need to train individuals to protect themselves but also to protect the company assets and identify when someone is trying to use them to access or compromise the organization,’he adds.

Doing so will result in more secure systems and less issues from a compliance point of view. This initiative is additionally cost efficient, identifyingany issues early on in the project.

The Onapsis Cybersecurity and Compliance Platform provides organizations with such visibility into business-critical SAP applications, such as ERP, CRM, PLM, HCM, SCM, BI and more. The platform provides a common security compliance overview of multiple security disciplines and technologies. Find out more here.