Altán Networks is one of the largest telecommunications conglomerates in North America. Securing the S/4HANA® System is mission-critical to reach the company’s business objectives: To cover at least 92,2% of the Mexican country with 4.5G services.
Altán Networks have various external service providers who host and manage the existing SAP environment. The responsibility to safeguard critical applications like SAP was non-negotiable for José Márquez, CISO (Chief Information Security Officer) of Altán Networks. Due to his career path he has an advanced understanding of both SAP and cybersecurity. Understanding the existing attack surface in SAP and establishing an effective security strategy covering people, processes, and technology was the challenge ahead.
Aligning the SAP and security team to gain a common understanding of responsibilities and required skills is fundamental to implementing a security strategy. By applying the NO MONKEY Security Matrix in technical assessments and subsequent workshops, we identify security white spots and critical vulnerabilities in a comprehensive way aligned with the SAP Security Maturity Model. Thus the management of findings is approached collaboratively by identifying and addressing their root causes.
Customising an SAP assessment around the business requirements and objectives of Altán Networks enabled us to provide a holistic overview of the different pain points around their SAP environment. While other service providers might concentrate on protecting the technology of SAP alone, we ensured that all the critical assets (people, process, and technology) are included. Our holistic approach didn’t only stop there but also made sure that a continuous protection plan was provided and aligned with the entire organisation’s security objectives and requirements.