Episode #198
Introduction
In episode 198 of our SAP on Azure video podcast we talk about Zero Trust Security with SAP.
When was the last time you thought about security? Especially in the context of your SAP system? When preparing for this podcast I did a little research on SAP and security – and it is actually pretty horrifying how many incidents are even documented in the public. I guess there are even more incidents happening every day across the world. So securing your SAP system becomes more and more important. To talk a little more about Zero Trust Security Principles for SAP I am really glad to have a number of experts with us today: Joe Speziale, Daniel Mauser and the one and only Evren Buyruk.
Find all the links mentioned here: https://www.saponazurepodcast.de/episode198
Reach out to us for any feedback / questions:
- Robert Boban: https://www.linkedin.com/in/rboban/
- Goran Condric: https://www.linkedin.com/in/gorancondric/
- Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/
#Microsoft #SAP #Azure #SAPonAzure #Security #ZeroTrust
Summary created by AI
- Security Importance:
Holger highlighted the critical importance of security in SAP systems, noting the shocking number of incidents and the need for more public discussion and awareness.
- Public Awareness of Security Incidents: Holger expressed shock at the publicly documented security incidents related to SAP systems and emphasized the need for increased public discussion to raise awareness about the importance of securing SAP systems.
- Underreported Security Incidents: He speculated that the actual number of incidents is likely higher than reported, as many companies may not publicly disclose security breaches, underscoring the urgency of addressing security in SAP environments.
- Zero Trust Security Principles:
Evren discussed the continuous effort required from customers to secure their systems, touching on topics like DMZ, data encryption, and the importance of a holistic security approach.
- Continuous Security Effort: Evren emphasized the ongoing effort customers must put into securing their systems, including implementing zero trust security principles and considering aspects like DMZ and data encryption.
- Holistic Security Approach: He advocated for a comprehensive view of security, not limited to network connectivity and data protection, but also addressing potential brute force attacks and incident responses.
- Security Operation Teams’ Role: Evren highlighted the daily work of security operation teams in ensuring the security of investments in public cloud environments like Azure.
- Microsoft’s Core Security Principles: He outlined Microsoft’s core security principles and the importance of customers understanding and implementing them alongside Microsoft’s significant security infrastructure investments.
- Microsoft’s Security Investments:
Evren emphasized Microsoft’s significant investments in security infrastructure and the shared responsibility model, urging customers to understand and implement best practices.
- Microsoft’s Security Investments: Evren highlighted Microsoft’s substantial investments in securing its servers, storage, and networking, which benefit customers on Azure.
- Shared Responsibility Model: He stressed the shared responsibility model, where customers must actively understand and apply security best practices and technologies provided by Microsoft to ensure their cloud environment’s security.
- Customer’s Role in Security: Evren pointed out that while Microsoft provides a secure Azure platform, customers must take the initiative to secure their applications and data.
- Security Best Practices: He mentioned the importance of customers adopting Microsoft’s security best practices to enhance their security posture.
- Hybrid Connectivity:
Daniel explained the hybrid connectivity options available to customers moving from on-premises to Azure, including VPN and Express Route, and the importance of understanding these options for security.
- Hybrid Connectivity Options: Daniel discussed the various hybrid connectivity options, such as VPN and Express Route, available for customers transitioning from on-premises to Azure, emphasizing the need to understand these options to maintain security.
- Security in Connectivity: He elaborated on the security aspects of these connectivity options, including the enforcement of MFA and conditional access policies to secure network access.
- Regulated Industry Considerations: Daniel touched on the specific security needs of regulated industries, such as encryption requirements, and how Azure accommodates these through its connectivity solutions.
- Third-Party Security Products: He acknowledged that customers familiar with third-party security products on-premises might seek to replicate these in Azure, and Azure’s marketplace offers these options.
- Security as a Priority:
Joe positioned Microsoft as a security-first company, emphasizing the evolution from a software company to a cloud and now a security company, highlighting the importance of security in all discussions.
- Microsoft’s Evolution to Security: Joe described Microsoft’s evolution from a software company to a cloud company, and now primarily a security company, underscoring the central role of security in Microsoft’s offerings and discussions.
- Security in AI Generation: He mentioned the importance of security as Microsoft moves into the AI generation, indicating that security considerations are integral to the development and deployment of AI technologies.
- Getting Started with Security:
Evren and Daniel provided guidance on where customers can start with securing their SAP on Azure, recommending the Azure security page and the Cloud Adoption Framework as starting points.
- Starting Points for Security: Evren and Daniel suggested starting points for customers looking to secure their SAP on Azure, recommending resources like the Azure security page and the Cloud Adoption Framework for guidance.
- Security Documentation Resources: They advised customers to explore Microsoft’s extensive security documentation and frameworks to understand and implement security measures effectively.
- 0:00 Intro
- 1:20 Introducing Joe, Daniel and Evren
- 8:20 Zero Trust Security with SAP
- 9:50 Assume breach
- 10:50 Shared responsibility
- 13:30 Simplify security management with Azure services
- 17:30 Zero Trust Principles
- 19:10 Phase Based Reference Architecture for Azure Zero Trust Security
- 20:50 Building security layers
- 23:00 Breakdown of Azure Zero Trust
- 24:40 Implement Network Layout Encryption
- 27:25 MACsec Encryption
- 30:20 Secure and verify communication from an on premises network to Azure VNets
- 35:00 Azure VPN
- 37:30 Remote Office/Branch Office
- 38:30 High availability
- 46:00 How to get started
- 51:30 Microsoft is a security company