How Pathlock and Lukardi support NIS2 implementation in SAP and ERP systems
- Security, SAP
The NIS2 Directive (Network and Information Security Directive 2) is one of the key pieces of European Union legislation imposing obligations on companies regarding cybersecurity risk management, incident reporting and continuous compliance monitoring.
For organizations running SAP, Oracle, Microsoft Dynamics or Workday, one of the most important challenges is securing the data and business processes that live in those systems.
That is why companies are increasingly turning to integrated tools such as Pathlock, supported by Lukardi's experts, which make it possible to manage security controls, user access and NIS2 compliance in one place.
Cybersecurity Application Controls (CAC) - SAP security in practice
The CAC (Cybersecurity Application Controls) module implements preventive and detective controls in the SAP environment. It is a key component supporting the requirements of NIS2 Articles 21-23 on monitoring, reporting and incident response.
CAC's key functionalities:
- Threat detection and response: more than 1,500 event detection signatures drawing on more than 70 SAP log sources. The system continuously monitors the environment and raises automatic alerts on suspicious activity.
- Vulnerability management: more than 4,000 configuration checks, automated system scanning and prioritization of security patches.
- ABAP code scanning: continuous code analysis in development and production environments, with more than 150 checks to eliminate security bugs.
- Transport control: automatic blocking of risky transport requests before they reach production.
- Dynamic access control (ABAC): data masking, anonymization of test environments and real-time restriction of access.
SOAR in CAC - automation of incident response
Built-in SOAR (Security Orchestration, Automation and Response) mechanisms enable:
- automatic triggering of countermeasures (e.g., blocking transports) when a threat is detected,
- forwarding of enriched events to the SIEM system for effective escalation management,
- application of dynamic access restrictions (ABAC) for the duration of an incident,
- generation of NIS2-compliant audit reports matching the Article 23 reporting deadlines (24-hour early warning, 72-hour incident notification, final report within one month).
Application Access Governance (AAG) - access management in ERP
The AAG module is built around the principle of least privilege, i.e. granting users only the minimum access to data and system functions they need.
Key features:
- detection of authorization conflicts (SoD, Separation of Duties),
- conflict mapping across systems (e.g., between SAP and Ariba),
- simulation of "what if" scenarios before an authorization change is made,
- automatic removal of inactive or orphaned accounts,
- temporary access management (firefighter / JIT access).
With AAG, organizations reduce the risk of fraud, meet the NIS2 requirements on access control and prepare for compliance audits.
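To make the three AAG capabilities above concrete, here is an added example (not Pathlock's or Lukardi's code) of the logic an access-governance engine runs: every role is mapped to normalized business functions so that an SAP role and an Ariba role can be checked against the same SoD rule set; a "what if" simulation evaluates a proposed change on a copy of the assignments; and a sweep flags orphaned (no active HR owner) and inactive accounts. Role names, function names, rule IDs and user accounts are all constructed for the example.

```python
"""Minimal SoD rule engine with what-if simulation and orphaned-account sweep.
Illustrative example only; role, function and rule names are constructed."""
from datetime import date, timedelta
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

# (system, role) -> business functions the role grants. Functions are normalized
# across systems so cross-system rules (SAP vs. Ariba) can be expressed once.
ROLE_FUNCTIONS: Dict[Tuple[str, str], Set[str]] = {
    ("SAP", "Z_AP_CLERK"):       {"CREATE_VENDOR", "POST_INVOICE"},
    ("SAP", "Z_AP_PAYMENT"):     {"RUN_PAYMENT"},
    ("SAP", "Z_FI_DISPLAY"):     {"DISPLAY_VENDOR"},
    ("ARIBA", "PO_Approver"):    {"APPROVE_PO"},
    ("ARIBA", "Supplier_Admin"): {"CREATE_VENDOR"},
}

# A user holding both functions of a rule, in any combination of systems, is a conflict.
SOD_RULES: Dict[str, FrozenSet[str]] = {
    "P2P-01": frozenset({"CREATE_VENDOR", "POST_INVOICE"}),  # create a fake vendor, invoice it
    "P2P-02": frozenset({"POST_INVOICE", "RUN_PAYMENT"}),    # post and pay your own invoice
    "P2P-03": frozenset({"APPROVE_PO", "POST_INVOICE"}),     # cross-system: Ariba PO vs SAP invoice
}

Assignments = Dict[str, Set[Tuple[str, str]]]  # user -> {(system, role), ...}


def effective_functions(roles: Iterable[Tuple[str, str]]) -> Set[str]:
    """Union of the functions granted by all of a user's roles across systems."""
    funcs: Set[str] = set()
    for role in roles:
        funcs |= ROLE_FUNCTIONS.get(role, set())
    return funcs


def find_sod_conflicts(assignments: Assignments) -> List[Tuple[str, str]]:
    """Return sorted (user, rule_id) pairs for every violated SoD rule."""
    hits = []
    for user, roles in assignments.items():
        funcs = effective_functions(roles)
        for rule_id, pair in SOD_RULES.items():
            if pair <= funcs:          # both functions of the rule are held
                hits.append((user, rule_id))
    return sorted(hits)


def simulate_change(assignments: Assignments, user: str,
                    add: Iterable[Tuple[str, str]] = (),
                    remove: Iterable[Tuple[str, str]] = ()) -> Dict[str, List[str]]:
    """What-if: conflicts the user would have after the change. Works on a copy,
    so the live assignments are never modified by a simulation."""
    trial = {u: set(r) for u, r in assignments.items()}
    trial.setdefault(user, set())
    trial[user] -= set(remove)
    trial[user] |= set(add)
    before = {r for u, r in find_sod_conflicts(assignments) if u == user}
    after = {r for u, r in find_sod_conflicts(trial) if u == user}
    return {"new": sorted(after - before),
            "resolved": sorted(before - after),
            "remaining": sorted(after & before)}


def orphaned_or_inactive(accounts: List[dict], today: date,
                         max_idle_days: int = 90) -> List[Tuple[str, str]]:
    """Flag accounts with no active HR owner (orphaned) or no logon within
    max_idle_days (inactive). Never-logged-on accounts count as inactive."""
    cutoff = today - timedelta(days=max_idle_days)
    flagged = []
    for acct in accounts:
        if not acct["hr_active"]:
            flagged.append((acct["user"], "orphaned"))
        elif acct["last_logon"] is None or acct["last_logon"] < cutoff:
            flagged.append((acct["user"], "inactive"))
    return sorted(flagged)


# Constructed sample data for a stand-alone run.
SAMPLE_ASSIGNMENTS: Assignments = {
    "jkowalski": {("SAP", "Z_AP_CLERK"), ("SAP", "Z_AP_PAYMENT")},
    "anowak":    {("SAP", "Z_AP_CLERK"), ("ARIBA", "PO_Approver")},
    "mlis":      {("SAP", "Z_FI_DISPLAY")},
}
TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    {"user": "jkowalski", "hr_active": True,  "last_logon": date(2024, 5, 30)},
    {"user": "anowak",    "hr_active": False, "last_logon": date(2024, 5, 1)},   # left the company
    {"user": "mlis",      "hr_active": True,  "last_logon": date(2024, 1, 15)},  # idle > 90 days
    {"user": "svc_batch", "hr_active": True,  "last_logon": None},               # never logged on
]

if __name__ == "__main__":
    print("conflicts:", find_sod_conflicts(SAMPLE_ASSIGNMENTS))
    print("what-if remove Z_AP_PAYMENT from jkowalski:",
          simulate_change(SAMPLE_ASSIGNMENTS, "jkowalski", remove=[("SAP", "Z_AP_PAYMENT")]))
    print("what-if add Z_AP_CLERK to mlis:",
          simulate_change(SAMPLE_ASSIGNMENTS, "mlis", add=[("SAP", "Z_AP_CLERK")]))
    print("account sweep:", orphaned_or_inactive(SAMPLE_ACCOUNTS, TODAY))
```

The cross-system rule P2P-03 only works because both systems' roles are translated into the same function vocabulary first; checking role names directly would never catch an Ariba approver who also posts invoices in SAP. The simulation returns the delta (new, resolved, remaining) rather than a bare yes/no, which is what an approver needs to decide whether a change is acceptable or needs a mitigating control.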
Continuous Controls Monitoring (CCM) - continuous compliance monitoring
The CCM module is responsible for continuous monitoring and reporting of the state of security controls. It:
- gathers evidence of compliance with NIS2, ISO or SOX requirements,
- highlights the most serious financial risks,
- generates reports and charts that support audit preparation,
- automates oversight of changes to ERP system configuration.
Pathlock in practice - sample NIS2 scenarios
| ERP platform | NIS2 scope | Example of Pathlock use |
| --- | --- | --- |
| SAP S/4HANA, ECC | Articles 21, 23 | CAC blocks risky transports and generates SIEM alerts; ABAC restricts access to sensitive data. |
| Oracle ERP | Article 21 | AAG eliminates SoD conflicts between modules; JIT access enables emergency operations without standing privileges. |
| Microsoft Dynamics 365 | Articles 21, 32 | CCM monitors configuration changes and estimates financial exposure; audit-ready reports. |
| Workday | Article 20 | Automatic certification of access to HR and payroll roles. |
| Salesforce | Article 21 | SoD rules protect against bulk data export and abuse. |
How to implement NIS2 with Pathlock and Lukardi - recommendations
- Involve management from the start of the project: NIS2 makes management bodies accountable for overseeing cybersecurity risk-management measures.
- Designate the people responsible for ERP security (SAP, Ariba, Oracle).
- Define a set of controls that satisfies NIS2 Articles 21-23 and track them in the CCM module.
- Apply the principle of least privilege with the AAG module.
- Implement technical monitoring and threat detection in SAP with CAC.
- Integrate the platform with your SIEM to automate real-time reporting and response.
- Draw on ISACA and ISC2 best practices (e.g., COBIT, CRISC, CISSP) for risk and incident management.
Summary
The combination of Pathlock's solutions and the Lukardi team's experience represents a comprehensive approach to implementing NIS2 requirements in ERP environments. Through automation, monitoring and risk analysis, organizations can not only meet regulatory requirements but also genuinely strengthen the cybersecurity of their SAP and ERP systems.
Tomasz Jurgielewicz
Head of Security Development at Lukardi.
He delivers comprehensive security and license cost optimization projects, focusing on areas such as:
- identifying authorization conflicts and reorganizing authorizations,
- identifying SAP vulnerabilities,
- integrating SIEM solutions with SAP,
- optimizing SAP licenses.