As a contribution to Cybersecurity Awareness Month 2021, I wanted to share my thoughts on its importance and how security organizations not known to be cyber-focused are significant contributors to our cyber security posture. When the US Department of Homeland Security created Cybersecurity Awareness Month, the goal was to have corporations focus on the importance of clearly understanding the security efforts being taken to protect their customers' and employees' data. The convergence of efforts in varied security disciplines provides a holistic and thorough action in providing the complete security package.
At its core, physical security historically is about keeping facilities, people, and assets safe from real-world threats. Our new responsibilities include Crisis Management & Travel Security, Protective Services, Investigations, Field Operations, to name a few.
Physical and Cyber Security- The Powerful Partnership
When you look at Cyber Security as an organization, it is evident they are responsible for the virtual aspect of protection. Within Global Physical Security, we are responsible for the physical element of the same. Leveraging our knowledge and experience within varied frameworks such as the National Institute of Standards and Technology (NIST), ISO27001, and other government frameworks, we have focused on creating specific standards and procedures to reduce the threat of individuals exploiting weaknesses or deficiencies to gain access to protected data. The focus of these initiatives is within our offices (including serviced), owned and co-located data centers, and remote work environments.
The Future of Work
What does this mean for us now with an environment that gives employees the flexibility to work from home and in other remote work locations? We are used to leveraging Virtual Private Networks (VPN) to access our company email and service programs, but what efforts are you taking to secure passwords to your home router, video camera systems, home security systems, or other IoT devices. How are you storing and securing sensitive or confidential work documents? These are things we are addressing as an organization with the SAP employee in mind. We've seen increased reports of online scams and phishing attacks related to work, not only but also personal data. Our partnership with Cyber Security and other internal stakeholders is critical in providing the needed information to protect ourselves in the new remote work environment.
Protecting Our Environment
With work continuing at SAP locations worldwide, the Global Physical Security organization identifies new technologies to provide a more secure and safe environment. From new encrypted badges and mobile identity technology to the deployment of the incident and alert communications platform, we are always looking to improve our support services at SAP continually. Like other technology owners, we are responsible for maintaining the integrity and availability while securing those applications to ensure they are not the avenue for any attempted attack into our network. By monitoring our applications, effective change management, proper password management, and other good practices, we are actively engaged in providing security throughout the organization.
Every effort by SAP is made to provide the most secure environments, and through a converged model, we take a 360* approach leveraging the physical and virtual capabilities of the organization. The best news for everyone is it is resulting in a powerful partnership and more robust defense at SAP. A key player in our collaboration is our employees and their commitment to follow our company guidelines for secure remote work. Here are the top three tips for staying safe while working remotely.
- Use our VPN
- Set up two-factor authentication
- Use strong passwords
The great news is many of us have the option to work at home. I believe we can stay productive and safe during this time. I ask you to take care and be mindful of the risks in this new environment. I suggest you consult with your Cyber Security, IT, and Physical Security teams for best practices to ensure that you can stay safe.
John W Coovert
VP, Global Head of Physical Security
