Analyzing interfaces: How to detect weaknesses in the IT environment

SNP Experts

Do you know how many interfaces exist in your company's SAP landscapes – regardless of whether they are actively used or not? Even though interfaces are important for agile business processes because they ensure the exchange of information with internal and external communication partners, the risk of potential data leaks increases proportionally. We show what companies can do to protect their sensitive data.

 

In the age of cybercrime, GDPR and cloud computing, data security is an issue that companies around the world are concerned with. Decentralized work in the cloud, functional enhancements and the increasing networking of devices and Internet of Things applications are leading to a growing complexity of SAP landscapes. As a result, the security risk increases. Companies should know which systems communicate with each other and which data is exchanged between these systems. Thus they can protect themselves against attacks. Interfaces play a central role in this.

 

More interfaces than expected

In a typical SAP system, several thousand interfaces converge. They facilitate the data exchange between programs as well as access to web services, apps and solutions that run in the cloud – at customers, subsidiaries or suppliers, for example. Usually, there are more interfaces than even the companies themselves assume. This fact is illustrated by an interface scan recently carried out by the software and consulting company SNP Schneider-Neureither & Partner at a large corporation: instead of the 2,500 interfaces assumed by the company, the number came to 11,000.

 

Consequences of cyber attacks and data theft

If interfaces and points of interaction are outdated or unsecured, cyber criminals can access sensitive data and information with little effort. A cyber attack or data theft can hit companies hard and have both financial and legal consequences. In addition, the company's reputation suffers. The situation has worsened due to stricter requirements such as the EU General Data Protection Regulation (GDPR). Non-compliance with the new regulations may result in high fines.

 

The SAP UK versus Diageo case

A recent judgment of the British High Court in the SAP UK Limited versus Diageo Great Britain Limited case shows just how important it is to know and understand your interfaces. SAP had sued the spirits producer for a subsequent payment of license and maintenance fees amounting to more than 62 million euros. The software manufacturer referred to unofficial users who had accessed Diageo's SAP system via interfaces. The court concurred with SAP's view that indirect access also constitutes a right to user fees. How much Diageo actually needed to pay was to be determined on the basis of the specific license conditions or the SAP price list.

 

The solution: Automatic scan of interfaces

Companies are increasingly aware of the risks of unsecured interfaces – yet many of them still do not have the situation under control. However, there are ways to protect your business from unpleasant surprises. Innovative IT solutions such as the SNP Interface Scanner support you in analyzing and documenting interfaces automatically with little effort.

 

Analyze your communications infrastructure, minimize risks

Once the data on the interface environment has been collected, all relevant stakeholders are required to check it. This refers to employees from the IT and legal departments, the risk and compliance departments as well as the finance department. From the data you can determine which interfaces are in use, who is using them and what type of data traffic is taking place through which interface. Unused interfaces and connections that are no longer required, such as testing systems, can be identified and switched off.

In addition, companies can use the data to assess the risk of additional license and maintenance fees to be paid to SAP. Without a comprehensive understanding of the existing interface landscape and its actual use, SAP customers run the risk of being held liable – just as the Diageo case has shown.

 

DEEP-DIVE for IT managers: Your IT experts can find detailed information on determining interfaces in SAP system landscapes here.