The advent of widespread cloud adoption for SAP systems represents a watershed moment in the industry. These changing times have ushered in the need for a fundamental shift in SAP security strategy, according to Joerg Schneider-Simon, Co-Founder and Chief Technology Officer of bowbridge Software.
Schneider-Simon’s company has introduced a new application to meet the moment. bowbridge Anti-Virus 4.0 – Cloud for SAP® Solutions was designed explicitly to address the weaknesses of cloud-based SAP environments, with advanced security capabilities that include:
- Industry-Leading Malware Detection: Choose between Trellix and SOPHOS for reliable protection.
- Defense Against XSS Attacks: Shield your SAP applications from cross-site scripting vulnerabilities.
- Protection From Embedded Content Threats: Mitigate risks from macros, JavaScript, OLE/DDE, and other active content.
- MIME-Type Filtering: Enforce strict controls on file types to prevent unauthorized access.
- Seamless Integration With Network-Based Anti-Malware Solutions: Enhance your security strategy with multi-layered defenses.
Schneider-Simon said organizations using cloud-based SAP shouldn’t wait to protect their SAP file transfers. He explained why in a recent Q&A.
What are some of the biggest concerns you're hearing from organizations about maintaining their SAP security framework in the cloud?
Their main concern is about losing individuality. Cloud operators, whether SAP or otherwise, are always aiming for scalability effects. They achieve them by standardizing as much as possible. They deploy a standard OS image—the same to all customers. They deploy a standard application server image—the same to all customers. And they deploy standard security—the same to all customers.
This makes sense for OS and app server images. But treating all security the same, and at the same time having to be permissive enough not to break business processes for multiple customers, means security is reduced to the smallest common denominator. It's a sort of one-size-fits-all security policy, which ends up being too lax for every single customer individually but works for all customers collectively. It’s quite the opposite of a tight security policy.
Also, there is a growing number of customers complaining about the "blackbox” approach to security taken by many providers—including SAP—where many of the security tools, processes, and automations used are not disclosed to the end-customers.
What should cloud-based SAP users be concerned about when it comes to file transfers?
Customers should be concerned about file security that’s too lax – for exactly the reasons I just mentioned. Also, the lack of granularity in the controls offered by the product chosen by the cloud provider.
bowbridge Anti-Virus 4.0 - Cloud returns full control of every aspect of the security settings to the customer, even in a cloud environment. So, cloud providers can deploy our solution as a standard tool, but the end-customer still has full granular control and can keep the settings related to file security as tight as needed.
Starting in Q2 2025, bowbridge will further enhance our cloud solution by releasing a managed service provider offering, targeting customers who want full granular security settings but also want an expert team—either at the cloud provider or at an independent SAP-MSP—to manage and monitor on their behalf.
Why do you think organizations overlook file transfer security?
The most common misconception is that file security solutions deployed at the OS-layer will also secure SAP applications. But that is clearly not the case.
Also, many organizations are hyper-focused on malware. They completely underestimate the risk arising from active content embedded in legitimate files.
What kind of governance model do you recommend for SAP-specific and other cloud-based apps when it comes to file transfers?
Files ingested into or exported from SAP are 100% the customer's security responsibility. SAP's shared security responsibility matrix for cloud applications states that very clearly for both SaaS and PaaS offerings. Since these files are application-layer data, they cannot be secured by the infrastructure provider, simply because they do not see them.
Looking to the future, what should organizations expect on the horizon for SAP security generally and related to file transfers?
Download our detailed product sheet to learn more about bowbridge Antivirus 4.0 - Cloud for SAP® Solutions.
SAP applications will remain the backbone of enterprise business processes, so protecting them from malicious content remains imperative. As these applications are moving to environments that are no longer fully controlled by the customer, I foresee, in two or three years, the focus of file security shifting from "blocking bad stuff" to more of an "allow only the known good stuff" approach, like zero trust.
Going forward, technologies like Content Disarm and Reconstruct (CDR)—which completely deconstruct incoming files and rebuild new files, incorporating only known safe content—will replace todays virus scanning approach. And bowbridge will lead the charge by providing such technology as BTP services in late 2025, which can then easily be incorporated by any application, on-premises and in the cloud.
Ready to protect your business-critical data in a cloud-based environment? Schedule a consultation with bowbridge’s experts to explore your specific needs.
Share this on social: