Security and encryptopn in SAP Leonardo and the industrial Internet of Things
Primarily, the topics of the Internet of Things (IoT) security are first of all technical, about cryptography, assemblies and manufacturing technology. But at the latest, when this data is collected centrally, when all of this data becomes a vast ocean of data in a company's server farms, the source of the information becomes part of enterprise security.
With the new SAP Leonardo architecture, the ERP software makes it possible to use huge amounts of data from the "Internet of Things" for corporate IT. SAP Leonardo integrates millions of Internet-based sensors and brings this information directly to the customer's own SAP system.
Classic SAP Attack Vectors
As you can see from the basic architecture of an SAP IoT landscape, the superficial attack vectors are the areas that are also classically known: wireless networks, public networks, accessible hardware, and the data in the HANA database.
A prominent example from the recent past can clarify this: Google has bought NEST, a manufacturer of fire detectors. This is actually a triviality, if not a peculiarity. The fire detectors are additionally equipped with infrared sensors that can register movement and people. And they can not only communicate with each other via WiFi, but also with a central server. For example with a central fire protection service.
If this data goes over the wire, may still be transported unencrypted over WiFi routes, then the company that collects this data has a legal problem.
And if this data is massively collected in a central location, such as an SAP HANA IoT, then the accumulation alone creates a new problem topic. On the one hand, such a collection is not permitted in European jurisdiction. On the other hand, the handling of personal data (in the EU) is punishable because the data are handled negligently if they are not adequately anonymised and secured.
A simple problem of an IoT device escalates
For example, the technical problem of a sensor at the end of the digital value chain becomes a veritable legal problem, because no one has considered technical and formal safety at any point.
Security Risk of Big Data in SAP Leonardo and IoT
If this ocean of data, this "data lake" ends as a precursor, for example, in a big data SAP HANA architecture, then that too is a problem of the SAP area.
Therefore, the following technical and organizational remarks should also be seen as subproblems of an SAP security scenario. Without a level of security already implemented in the basics protects (as in the case of the hacked Chrysler Jeep) the careless handling of these topics for an expensive late awakening.
Key to secure communication
The key to secure communication is cryptography, which is the foundation of any IoT architecture p>, including the encryption of hardware, programs, and communications, as well as data
Cryptography and Peer Review
Let's discuss a planned architecture together, how cryptography can be applied on all levels.
But even if your company has a corresponding group, a so-called external "peer review" is essential, in which one group describes encryption and the other group tries to break it. Encryption is effectively sharpened in this interactive circle.
Benefit from our many years of expertise in this area and contact us.