Cybersecurity and Compliance: Finding Digital Balance to Lock Out the Right Risks

The appeal of living in a connected home is one of ease, convenience, safety, and control. With simple voice commands, people can do anything from switching lights on and off and adjusting a thermostat based on weather conditions to scheduling appointments and walking through doors that automatically sense when to open, shut, and lock. The potential is tremendous, but one small change – as a recent commercial from Norwegian supermarket chain Rema 1000 reminds us – can lock the wrong people out of the house.

Like homeowners, organizational leaders are fascinated with connecting their operations end-to-end. Such digitalization is often inspired by the need to comply with the growing range of regulations and the need to protect sensitive data and core systems from near-crippling breaches. While locking down every digital asset may seem to be the answer, employees still need to access information anytime and anywhere, production machines still need to exchange data, and customers still need to engage with the business.

Finding the right balance between cybersecurity, compliance, and operations is a delicate issue. But many of our customers are making the modifications necessary to stay operational as well as compliant and protected – thanks to the cybersecurity and compliance services of the New SAP MaxAttention engagement model.

SAP experts Hartwig Brand, head of the Global Center of Expertise Technology; Manfred Wittmer, head of the Global Security and Governance, Risk, and Compliance Practice Unit; and Fritz Bauspiess, chief security architect, share their observations on the success of this growing segment of our customer base.

Q: You have seen how businesses across all industries and sizes struggle with meeting business requirements cost-effectively while closing security and compliance gaps quickly. Can you share what you have learned from their experiences?

Brand: Cybersecurity is now a top priority – with topics such as political disruption, economic fluctuations, and natural disasters following close behind. Years ago I would have said compliance, but I believe that this is a reflection of how powerful, widespread, and nondiscriminatory data breaches, ransomware attacks, and cryptojacking of connected devices have become. In fact, in 2018 alone, the average data breach cost businesses US$3.86 million worldwide.

Wittmer: It is also important to note that businesses need a better understanding of how their less-critical technologies can open the door to breaches and compliance risk for their more-critical business systems. By looking at their IT landscape as a whole, they can quickly see how their ecosystem of digital investments, users, and captured data impact each other as well as the entire company.

Bauspiess: I am struck by the number of companies that haven’t performed the basic due diligence to keep their IT systems secure and compliant. Most IT organizations are so busy maintaining the overall IT landscape that they are unable to dedicate the time required to inspect connections across their applications and devices, take the right steps to close gaps, and optimize the potential of critical business needs.

Q: It’s interesting to see how connections – whether it’s enterprise resource planning (ERP) systems, such as SAP S/4HANA, or third-party applications – can have such an impact. How do our cybersecurity and compliance services help businesses take the right steps to help ensure those points of interaction are secure and compliant?

Bauspiess: The most considerable step that our services enable is helping customers become aware of the fundamentals of cybersecurity and compliance and familiarize themselves with the tools available to them. This can be an empowering opportunity to gain their first insights into which areas are quick wins as well as those that are the most important to start.

Brand: What Fritz just said is very important. Security and compliance are not all-or-nothing propositions. Businesses can never be 100 percent secure without losing the cost effectiveness and agility of their IT landscapes. But at the same time, they cannot afford to be zero percent secure. With our cybersecurity and compliance services, our customers can work to determine the best way to safeguard their systems while delivering on the needs of both employees and customers with high fidelity to compliance requirements.

Wittmer: When meeting with business leaders worldwide, I can tell that our customers appreciate the advantages that Hartwig and Fritz mentioned. For example, the chief operating officer of a major German customer recently told me that our services enabled his organization to identify and address gaps in a matter of weeks. This realization is a stark contrast to the company’s history of requiring upwards of six months to accomplish the same results.

Q: What are some of the most significant outcomes our customers can achieve after going through the process of system transparency and risk mitigation, continuous improvement, and strategy building and architecture refinement with our cybersecurity and compliance services?

Wittmer: I see three primary advantages our customers can achieve. One, they can gain tremendous transparency that allows them to assess their organizational and digital readiness for adhering to regulations, mitigate security risks, and give their workforce and operational assets access to the data they need. Two, they can gain confidence in the reliability and accuracy of their system and data, which can have a lasting impact on their financial reporting. And last but certainly not least, they can protect themselves against unintended failure and system damage that result from providing a user too much access to a system or containing custom code that is no longer relevant.

Bauspiess: One of the most transformational outcomes that I often observe is the ability to develop a security and compliance improvement road map. This is based on the results of a transparency and mitigation assessment and charts a defined path to help ensure existing and future implementations are safeguarded.

Brand: Steering discussions with more informed insights is also helping our customers evolve their perceptions of their cybersecurity and compliance risks and requirements. Driven by the reassessment of their security activities and their IT landscape, our customers can help ensure existing and new implementations, processes, and innovations are feasible, desirable, and viable as well as secure and compliant.


Over the next few weeks, we will offer a real-world view of focus topics that can help your business acquire the foundation and capabilities of an intelligent enterprise. Bookmark the series landing page and check it each week. In the meantime, read our overview of the New SAP MaxAttention program, “Customer Success for the Intelligent Enterprise,” to discover the opportunities ahead for your business. And for more information, reach out via email at maxattention@sap.com.


Christian Leja is director of SAP MaxAttention Solution Marketing. Hartwig Brand is head of Global Center of Expertise Technology. Manfred Wittmer is head of the Global Security and Governance, Risk, and Compliance Practice Unit. Fritz Bauspiess is chief security architect.