SAP FIORI and Virus Scanning: What You Need to Know

Jun 21, '18 by Joerg Schneider-Simon

Our world is getting increasingly mobile. Our socializing, our banking, our dating, our bitter family arguments about politics … more and more, it’s all taking place on our mobile devices.

Business is no different. Increasingly, company employees and partners are accessing business operations and data from their commutes, while at lunch, or while sitting at an airport. SAP FIORI allows users to access a simple, user-friendly version of commonly used SAP transactions.

But does the increase in convenience have a dangerous downside? 

Why SAP FIORI Increases Your Cybersecurity Risk

To fully understand why FIORI increases the risk of SAP (and your company’s data) being compromised, it’s important to understand that the problem lies not only with FIORI, but with SAP itself:

Why SAP is Vulnerable

SAP is a business powerhouse, but it’s also a unique system with its own rules and its own way of operating. Because SAP applications process and store files within their own databases or SAP-proprietary data repositories, regular virus scanning won’t help detect if files have been compromised, because virus scanners can’t see inside those databases and data repositories.

Why SAP FIORI Heightens that Vulnerability

This means SAP has security vulnerabilities. SAP is excellent at keeping on top of these vulnerabilities, issuing patches and keeping clients up-to-date on how to keep their systems safe.

FIORI, however, introduces an element that SAP cannot control: human interaction.

Because FIORI is accessed outside of the office on mobile devices, an entirely new range of user-related risks come into play. All it takes is one user to leave their device unlocked, and it’s child’s play for someone to steal the device, access the SAP system, and carry out a crippling cyberattack.

Even simply using the device in a public environment opens an opportunity for any cyberattacker who may be lingering nearby to videotape the user typing in their login and password.

Clearly, using FIORI to access an SAP system via a mobile device in an unsecured environment compounds the risks already inherent in SAP itself – and the odds of falling prey to a cyberattack increase exponentially.

Securing SAP FIORI From Cyberattack

The good news is there are ways to improve the cybersecurity of your SAP FIORI applications.

The best place to start is to remind employees of basic cybersecurity hygiene:

  • Use strong passwords on mobile devices
  • Never leave their devices unattended in public
  • Avoid using public wi-fi
  • Always be aware of their surroundings, especially when logging in

This is a great first step, but your work is far from over. Because savvy cyberattackers are not so easily deterred, using a cybersecurity solution that is specifically designed for SAP will help ensure that even when (not if) cyberattacks are attempted, they won’t make it past your defenses.



Visit the SAP FIORI Cybersecurity Page