Cybersecurity for SAP Managers: FIORI Cybersecurity
Mar 12, '19 by Joerg Schneider-Simon
Managers tasked with SAP cybersecurity used to have a (slightly) easier time with threat management. The primary reason? Every SAP end user was contained within the company’s four walls. All endpoints were known, and the SAP system was a closed loop.
That has changed drastically in recent years. Not only are external parties — suppliers, job applicants, customers, contractors — now gaining access to SAP systems through business processes, but internal parties are taking SAP beyond the office thanks to SAP FIORI.
SAP FIORI is a user experience for SAP software that allows end users to access commonly used SAP applications, like CRM, SRM, and ERP, outside of the internal office environment. In practical terms, this means that FIORI users can access manufacturing, HR, supply chain, asset management, sales, finance, and more from their laptop, smartphone, or tablet.
On the one hand, this level of accessibility makes businesses more efficient than ever. Outside sales reps can update CRM from the field instead of having to wait until they’re back in the office. A manager who is working from home that day can still access mission-critical financial applications. Supervisors can enter production data into ERP right from the manufacturing floor.
On the other hand, this level of flexibility comes at a cost: a massively increased risk surface.
3 Reasons Why FIORI Is Vulnerable
As mentioned, the flexibility of FIORI is a double-edged sword. Taking SAP out of the office and into the warehouse (or car, or coffee shop, or home office…) increases convenience and efficiency. Invariably, however, these environments are nowhere near as secure as in-house environments.
While we would never dream of leaving our work computers accessible to total strangers, we often do just that with our phones. The numbers vary, but experts estimate that anywhere from a quarter to almost half of smartphone users do not use a passcode, PIN, pattern lock, or other security measure on their device, relying solely on the “swipe to unlock” feature. If the device is left unattended or unguarded (in a back pocket, for example), it would be child’s play to steal the device and access its applications.
Because FIORI is so often used on the go, it is often accessed via public Wi-Fi, which in many cases is not protected with a password. This makes it simple for cyberattackers to intercept data and even set up redirects, stealing the user’s login credentials and using them at will to engage in data theft or sabotage, or to insert malware.
A home office is relatively secure, but what about a coffee shop? Or a coworking space? A busy staffer may be too focused on their work to notice that someone is covertly filming them typing in their credentials, piecing together their login and password in a matter of minutes.
How SAP Managers Can Secure FIORI
As an SAP manager, focusing on processes and permissions is a significant part of your role. This is all the more reason why it’s so important to look at SAP security and SAP cybersecurity not as separate fields, but as interdependent halves of the complete SAP security picture.
As workforces grow increasingly flexible, with remote work becoming more common and the supply chain becoming more connected, it’s vital to stay on top of SAP’s external environments to make sure that the only people accessing FIORI are those who should be accessing it.
A major key to this is employee education and diligence. Reminding employees to be more aware of their device security and their surroundings can go a long way toward making FIORI as secure as in-house SAP.
To learn more about how to keep FIORI safe, including some helpful cybersecurity steps that network administrators should take, don’t miss our Guide to SAP FIORI Cybersecurity.