SAP recently released a statement addressing lapses in its cybersecurity infrastructure and maintains that there have not been any known data breaches. It instead identified that some of its cloud products “do not meet one or several contractually agreed or statutory IT standards at present.”
Cloud-Based, Software as a Service Products on the List
The cloud products affected include: SAP SuccessFactors, SAP Concur, SAP/CallidusCloud Commissions, and SAP/Callidus Cloud CPQ. Also included are SAP C4C/Sales Cloud, SAP Cloud Platform, and SAP Analytics Cloud.
SAP is taking steps to address the security lapses. According to the press release, the software company has initiated the process and says remediation will largely be completed in the second quarter of 2020.
“Any expenses related to the remediation are expected to be covered within the range of the current SAP 2020 financial outlook,” SAP stated in the announcement. SAP recently released its first quarter earnings report and shared that its cloud business is on the upswing.
SAP Supporting Affected Customers
Although the software giant maintains that it does not believe that any customer data has been compromised, the company has decided to update its security-related terms and conditions. Additionally, the executive board of SAP SE will inform and support any affected customers—estimated at approximately 40,000—individually. If customers want to proactively reach out to SAP about what next steps to take, they should contact their account executive.
“Software security should be top of mind for any company today, and that’s especially true when it comes to high-priority, enterprise-class SAP systems,” said Geoff Scott, CEO of ASUG. “I applaud SAP for being proactive with this announcement, and pledge to our members that ASUG will share any new information with them as we receive it.”
In response to this discovery, SAP has developed a new information security strategy, governance model, pre-acquisition due diligence process, and post-merger integration of newly acquired companies into the SAP security model. It also has hired several leaders whose responsibility it will be to strengthen the SAP security program. Those roles include a security officer, a new chief information security officer, and a new global head of physical security. SAP opened a new Cyber Fusion Center in Newtown Square, Pennsylvania, which will serve as its global hub for security operations.