Defense in Depth: ERP Security

For most organizations, their ERP solution holds its crown jewels. Should custom and complex applications that trade such vital customer and corporate data be secured any differently?

Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is
Branden Newman, CISO, adidas, brought to us by our sponsor, SecurityBridge.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, SecurityBridge

Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.

On this episode of Defense in Depth, you’ll learn:

  • The volume of log files are so overwhelming from an ERP system that most security groups just turn them off.
  • The reason you want an ERP-specific security solution is that they handle a lot of the log management and customization for you. You’ll still need to do plenty of customization on your part, but these tools take away a lot of the heavy lifting.
  • Make sure you’re on a first-name basis with all the key people whose departments are in the ERP system. You’re going to need their support and knowledge to build out the effective ERP solution matrix.
  • If you have ERP or SAP installed, move an ERP-specific security solution to the front of your security maturity program.

Defense in Depth