In-brief: SAP AG announced alliances with a string of software and hardware makers to provide end to end security for Internet of Things deployments. Check Point and Intel are among the company’s partners.
We noted last week that enterprise systems by the likes of Oracle and SAP are proving to be weak links in the Internet of Things security chain. That story noted this piece over at VICE’s Motherboard that noted some research suggesting that ERP (enterprise resource planning) platforms are being targeted in attacks on firms in the oil and gas industry.
Well, it seems that security in the context of IoT isn’t lost on huge platform vendors like SAP. Note this news from Inside SAP about a raft of new partnerships that seek to address security up and down the chain.
Among the companies SAP said it will partner with are Check Point Software Technologies, for “a security architecture designed to catch malware” and Intel, which will provide an “end-to-end reference model and products that integrate with the SAP HANA Cloud Platform for the IoT” and to create a “foundation to connect devices and deliver data to the cloud.”
Among SAP’s other partners: azeti Networks AG, which will provide a remote iOT monitoring and management application that can be integrated with SAP solutions to provide “improved operational insights,” the report said. Another partner, Certified Security Solutions, will provide “secure identity and validated data transfer between IoT end point and enterprise business systems.”
“Any scalable and significant IoT offering requires an end-to-end security solution — from the edge devices and sensors, through the routers and network gear, to the back-end data center and data pools, to the applications, and back to mobile devices, analytics tools and an endless number of interfaces,” said Tanja Rueckert, executive vice president, IoT and customer innovation, SAP.
SAP is just one of many enterprise platform vendors that is trying to adjust to the demands of the Internet of Things, which holds tremendous potential in important industry verticals such as healthcare, manufacturing, energy and public infrastructure. However, the distributed nature of the IoT and the proliferation of connected endpoints, any of which might be used as a point of attack against higher value assets up-stream.
Still, it is often the enterprise platforms themselves that are the fattest target. Firms like SAP and Oracle still rely on massive, quarterly patch releases that might contain hundreds of fixes across dozens of separate product lines. Given the importance of those applications, customers are often reluctant to apply patches promptly for fear of disrupting the operation of critical applications. That leaves the patch “window” between the fix for a hole and its application open longer, creating an opportunity for malicious actors.