SAP - May 2023

INNOVATING TO SECURE THE WORLD’S LARGEST PRIVATE CLOUD

he use of the cloud has truly taken off in recent years, but as cloud computing increases, so too do security threats. For companies such as SAP, which operates a private cloud, protecting the data of their customers is absolutely critical.

Roland Costea, the Global Chief Security Officer for SAP’s Enterprise Cloud Services, is responsible for running the Global Cybersecurity Program and Strategy for SAP’s Private Cloud.

“SAP is the coolest software company that your friends have never heard of,” he explains. “It puts a phone in every pocket but it's not Apple or Samsung, it puts shoes on the feet of the world, but it's not Nike or Adidas, it gives the world wings, but it's not Red Bull or Boeing.”

SAP’s Enterprise Cloud Services portfolio empowers customers to run a modern, intelligent ERP system in the cloud, enabling them to become cost-effective and sustainable intelligent enterprises.

One aspect of this portfolio is RISE with SAP, a business transformation-as-a-service platform that enables every company to become an intelligent and sustainable enterprise. “This is practically the vehicle to deliver SAP's Intelligent Enterprise Vision,” Costea adds. “It brings together the solutions and services you need, in one package, regardless of where your business stands now or where you want it to go.”

With Enterprise Cloud Services growing exponentially in recent years, SAP is innovating and moving with speed to stay one step ahead of security threats

RISE with SAP enables businesses on their transformation journey

Launched in January 2021, RISE with SAP helps companies seize the advantages of cloud computing in their mission-critical, core systems.

needs for true business transformation is simplicity,” describes Costea. “That means having only one company which is responsible for service-level agreements, operations and issue handling. That comes with the benefit of best-of-breed cloud infrastructure providing a native cloud landscape powered by SAP and our hyperscaler partners.”

is with them on each step of their road to an intelligent enterprise, migrating from the

ROLAND COSTEA

TITLE: GLOBAL CISO - ENTERPRISE CLOUD SERVICES

LOCATION: GERMANY

Roland Costea is a Security Executive and the CISO for SAP Enterprise Cloud Services. He is a high performing security business leader who plays a key role in driving the digital transformation of SAP’s customers into a secured intelligent enterprise using the private cloud. Throughout his career of almost 20 years, Roland lead to success different security business units in companies like Microsoft, IBM, Cognizant or Genpact and he secured and developed the first private cloud in Romania in 2010 when few people were actually talking about cloud.

Wherever your data comes from, wherever it needs to go, Cribl gives you the freedom and flexibility to make choices instead of compromises. You can collect, reduce, enrich, normalise, and route data from any source to any destination to best support your business goals, with Cribl.

"CRIBL GIVES US

OUR DATA HIGHWAYS." OBSERVABILITY

INTO AND THE POWER OF CONTROL, FLEXIBILITY

HOW CRIBL IS UNLOCKING THE VALUE OF ALL OBSERVABILITY DATA

With its platform enabling more choice and control over telemetry data, Cribl is helping SAP Enterprise Cloud Services accelerate its security initiatives

Cribl is on a mission to unlock the value of all observability data so that organisations can provide optimal and secure experiences for their customers.

As Ledion Bitincka, Cribl’s Co-founder and CTO explains, the main problems Cribl addresses in the market originate from an explosion in observability data. “According to Gartner, the amount of data is growing roughly by 25% every year, meaning that in about five years, organisations will have two-and-a-half times the amount of data that they’re dealing with today.”

Cribl’s flagship product in the market, Cribl Stream, is a vendor-agnostic observability pipeline. “It allows organisations to collect and gather this observability, security, and telemetry data and route it at scale in the best format to wherever it makes sense, for alerting, analysis or compliance purposes,” Bitincka says.

Roland Costea, the Global Chief Security Officer for SAP’s Enterprise Cloud Services is responsible for running the organisation’s overall global cybersecurity programme. “One thing that represents our overall cybersecurity strategy is speed: accelerating our end-to-end security processes and services,” he explains. “We also need control and visibility into our own datasets, so that we are able to make intelligent decisions. What excites me most about Cribl’s platform is that it gives us the control, the flexibility, and the power of observability into our own data flows.”

SAP is helping organisations modernise their business processes and become intelligent enterprises. “We are helping our customers to protect their core SAP workloads,” Costea adds. “With Cribl, we are able to spend less time on repetitive processes that can be automated, so that we can free up more time for innovation. When we innovate, we can better deliver on our customer needs, build better solutions, better partnerships, and be there every step of the way to help our customers achieve their goals.”

For more information visit cribl.io

That makes them more resilient, profitable, and sustainable by adopting best practice processes and industry next-generation practices.”

With SAP’s Enterprise Cloud Services continually growing, when it comes to securing the RISE with SAP platform innovation is essential.

“Enterprise Cloud Services growth has been impressive in the last two years, and we look forward to continued growth,” Costea comments. As a result, this growth means onboarding top customers from all industries with the strongest security requirements.

“ We collect and process tens of terabytes of data per day, and that amount of data flows over some big highways in the city of SAP”

ROLAND COSTEA GLOBAL CISO - ENTERPRISE CLOUD SERVICES SAP

“With that in mind,” he adds, “we need to innovate in the automation space in order to become more efficient and faster in processing big amounts of data, in creating detections, in tuning them, in making sure all the security controls are enforced at the deployment level and at the same time offering the visibility and transparency all these customers need.”

Securing RISE with SAP

When it comes to securing RISE with SAP, Security Engineering, Detection, Monitoring and SOAR each play a key role. SAP’s Security Information and Event Management system

is the core of the organisation’s Security Operation Centre, with Costea’s team working with one of the top software security providers to create the platform for SAP’s cloud. “In addition, SOAR components are integrated with our SIEM in order to support our security operations in the most efficient way,” he adds. “But that still is not enough.”

Central to Costea’s approach to security is speed. From that perspective, his team faced five main challenges.

“First,” he explains, “we needed the ability to easily manage data normalisation and enrichment to ensure the security triage

FROM THREATS TO DETECTIONS IN MINUTES

"Anvilogic is an innovator in the security space"

Roland Costea CISO - ECS, Executive at SAP

SAP automates detection engineering & hunting with Anvilogic

Anvilogic’s AI-driven platform for threat detection & hunting, unifies security operations to increase visibility & helps to find and combat threats faster

Cybersecurity company, Anvilogic, has a mission to democratise and unify detection engineering and hunting, empowering Security Operations Centre (SOC) teams to better protect organisations from cybersecurity threats with greater efficiency and effectiveness.

“We automate cybersecurity operations, particularly detection, engineering and hunting and investigations,” explains Karthik Kannan, Anvilogic’s Founder and CEO. “By automating the process of observing key capabilities of the enterprise, mapping them on frameworks like MITRE ATT&CK, we can then automatically provide insights and recommendations for what detections need to be put into place and automate that process,” explains Kannan. “From there, we progress into completely AI-led analysis of signals so that we can find revealing patterns for which there may have not been detections at all in the first place.”

As Roland Costea, the Global Chief Security Officer for Enterprise Cloud Services at SAP, explains, Anvilogic enables SAP to move quickly from threat research to building, deploying and then improving the detection process.

By including automation and AI in the security process, Anvilogic is helping SAP be more efficient and optimised, ultimately enabling it to respond faster to threats.

“Anvilogic is an innovator in this space and we are extremely happy with the partnership that will allow us to not only solve and improve ourselves, but also to have a unique approach to protect the private cloud and, ultimately, the data of the most important companies in the world,” Costea comments.

“I really like to work with innovative startup companies,” he concludes. “This brings the excitement that together, we can share insights to help develop the roadmap and how to continue to grow the Anvilogic platform. All of this can not only help SAP, but also help the whole world to address threat detection, investigation, hunting, and triage in a better optimised and, in the end, quicker way.”

team has the proper context and details to make quick decisions.

“Second, we needed a way to consistently measure our ability to detect priority threats across the MITRE ATT&CK framework in real-time and ensure we have a proper understanding of where and how we need to improve.

“Third,” Costea adds, “we had to streamline how detections are managed, deployed, and version controlled, while also improving the time to deploy them.

“Fourth, we had to improve our triage and analysis capabilities by understanding correlation relationships fast. And fifth, we use several tools in our Detection Lifecycle, and we were looking for a way to centralise everything.”

That, Costea adds, is where SAP’s work with the automated threat detection platform Anvilogic comes in, “which helps us to address these five challenges.”

A focus on zero trust

The rapid adoption of cloud services in recent years brings a new focus on Zero Trust principles. Organisations can no longer trust perimeter security alone with an “implicit trust” granted to assets or user accounts based solely on their physical or network location.

Most cyberattacks and data breaches come as the result of a stolen identity, and while more and more corporations are using identity protection solutions, this type of protection is not built into the architecture. Zero trust is designed to solve these shortcomings.

“SAP applications are business-critical applications for many enterprises and all of them think about two main use cases in regard to zero trust: to make connections between SAP solutions zero-trust compliant,

Experience Your SAP S/4HANA Transformation, Secured

Accelerate your SAP S/4HANA transformation with Zscaler’s Zero Trust Exchange. Our security cloud defends against sophisticated threats while ensuring a frictionless experience, propelling your business to innovate and grow at lightning speed. Experience the transformative power of zero trust with Zscaler.

Learn more about Zscaler for SAP S/4HANA today and start your zero trust journey here: Visit Zscaler or the SAP Store

and to facilitate more secure user access and accelerate migration to cloud solutions from SAP,” Costea explains.

“We work with Zscaler for RISE with SAP S/4HANA Cloud, public or private editions and SAP S/4HANA Cloud, private edition.”

The need for data observability

As Costea explains, when it comes to SAP’s security strategy speed alone is not enough: “We also need to have control and visibility into our own datasets so that we make intelligent decisions.”

Central to this is SAP’s collaboration with observability pipeline Cribl.

“We collect and process tens of terabytes of data per day, and that amount of data flows over some big highways in the city of SAP, and Cribl gives us the control over the lights, over the crossroads, over when do I want to close a highway or not. Because the private cloud is an extension of our customer's network, they feel like we are part of their network, and they want to have a bit more visibility into what this cloud service delivers for them from a security perspective,” Costea explains. “As a result, we decided to create specific data flows for customers interested in getting their log service in a controlled way, with the correct architecture built around what we call Customer Data Landing Zones. Speeding onboarding, enrichment, normalisation and masking features provide us with clean, relevant data on which to build better alerts and have data ready to accelerate incident investigation and response.”

Autonomous

Purple

Teaming.

The highway to cyber resilience.

Your best defence is offensive intelligence. CODA Footprint enables SOC teams to proactively identify exploitable cyber killchains and collaborate internally to disarm them in real-time. LEARN

Autonomous Application Exploit Engine as a service

Finding vulnerabilities and managing them in an environment that is already filled with new, emerging, and evolving threats can be overwhelming. The sheer volume of available patches that must be deployed each month is already massive and it continues to grow.

“In the context of SAP Private Cloud, the customer still keeps the ownership and responsibility to secure the application layer,” Costea describes. “That means on one side that the customer needs to cooperate with us in approving specific downtime windows, and on the other hand that they have a role in analysing product-related patches released by the SAP Product Development Teams.”

One of SAP’s new services, RAVEN, which will be launched as a pilot end of 2023, has a component developed with CODA that will allow customers to make decisions with speed and accuracy when it comes to managing risk.

As Costea explains, the service will deliver hyper-contextualised risk signals to customers, allowing them to take the correct and timely decisions when it comes to managing risk across their SAP cloud environments.

“Our goal at SAP is to build solid processes, leveraging bleeding-edge technology in order to help our customers reduce their real cyber risk exposure to nearly zero,” he adds. “And we know this requires continuous effort from all parties involved.”

AI and ML present new risks in the security landscape

The deployment of emerging technologies such as AI and ML are becoming increasingly common in automating and streamlining various processes. However, as Costea explains, these technologies present new risks, as they may become targets for attackers. “New vulnerabilities or zero-day exploits may be identified in these systems,

which must be considered,” he comments. “Another area of concern is the security of the Internet of Things, which has gained momentum in the market in recent years”.

As companies continue to adopt container-based architectures, container security, and Kubernetes-based security in the cloud are also emerging as important topics on the cybersecurity agenda.

“Overall,” Costea adds, “it is important to remain vigilant and proactive in identifying and addressing potential risks associated with these new technologies.

Quantum computing is another emerging trend that presents significant challenges to cybersecurity, with its potential to operate at much faster speeds than current technology meaning that current encryption methods may be compromised. “Encryption algorithms that were once deemed secure may become vulnerable in a matter of days, weeks, or months, rather than years,” Costea concludes. “These challenges require the industry’s attention in the coming years to maintain the security of sensitive data and systems.”

“Our goal at SAP is to build solid processes, leveraging bleeding-edge technology in order to help our customers reduce their real cyber risk exposure to nearly zero”

ROLAND COSTEA GLOBAL CISO - ENTERPRISE CLOUD SERVICES SAP

POWERED BY: