Zero Trust: A Practical Approach to Third-Party and Supply Chain Access to SAP

Supply chains are high-value targets for cybercriminals as disruptions can have a ripple effect on the global economy, making timely resolutions crucial. Ransomware attacks have become a lucrative attack vector for malicious actors. To further amplify the scale of their attacks and gain higher rewards, criminals also target trusted vendors. The nature of supply chain attacks requires only a few initial victims before exponentially infecting many more by exploiting permissions and access given to trusted partners. 

It’s now pertinent for supply chains, many of them with Industrial IoT (IIoT) and Operational Technology (OT) environments, to reassess and recalibrate their infrastructure to build resiliency against future cyberattacks. IIoT and OT environments are particularly crucial to secure as they are often overlooked because they provide clear network entry points. Recently, the Office of Management and Budget (OMB) released their strategy to move the U.S. government towards a zero trust architecture. In turn, supply chain suppliers and vendors are taking this as an opportunity to do the same.

Establishing Zero Trust 

Zero trust is built on the concept of “never trust, always verify” to establish access and security policies based on context – including the user's role and location, their device, and the data they are requesting – with strict user authentication and continual policy checks at each step. When trust is not implicit, traffic traversing inside and outside the network is considered hostile.  

While unusual at first, zero trust can enable users to connect directly to an application instead of hair-pinning back to the network before reaching their destination. This significantly minimizes the attack surface by reducing the reliance on virtual private networks (VPNs) for remote access. As a result, business application connectivity and performance are greatly improved while becoming hidden and unavailable to unauthorized users. 

Zero Trust for Supply Chains

SAP, a provider of digital supply chain and ERP solutions, has partnered with Zscaler, a provider of zero trust cloud security offerings, to transform customers’ digital infrastructure with zero trust architecture as the foundation. Unlike traditional perimeter-based security that allows for broad network access, zero trust relies on the principles of least-privileged access to enforce policies based on context and trusted identity. By simplifying and unifying SAP access across users and devices regardless of their location, business-critical applications are safeguarded from unauthorized use or excessive permissions.

Schmitz Cargobull AG, a global manufacturer and SAP customer, chose to implement zero trust architecture as part of its digital transformation initiative. For Michael Schöller, Head of Infrastructure, it was important to minimize disruption to users’ access to applications while going through their IT infrastructure modernization and cloud migration. Once a decentralized, manually administered system, Zscaler ensured VPN-free secure access to SAP and other internal apps for the company’s mobile and remote workers. “Reducing VPN appliances will allow us to increase the availability of our supply chain and access for our consultants,” Schöller said. With a zero trust approach using Zscaler Private Access (ZPA), applications can remain easily accessible while hidden from attackers.

Zero Trust Benefits That Extend To Security And Beyond

Companies championing zero trust are finding that along with reducing business risks, they’re achieving application modernization and accelerating their digital transformation. With less dependence on complex and outdated networking and appliances, businesses can prioritize more on growth and innovation.

Secure connectivity 

With zero trust, businesses can establish seamless connections for users and devices to applications from any device, location, or network without a VPN. This eliminates an attack surface for criminals to access the network, preventing lateral movement and data exfiltration.

Optimized performance 

Since zero trust requires visibility and control over users and traffic, monitoring, analyzing, troubleshooting, and resolving downtime and other issues becomes a breeze. Slow applications can be diagnosed without disruption to the user.

Agility and scalability 

Zero trust can replace the hub-and-spoke model, where the data center brokers communication between users and apps, and the moat and castle model, where no one outside the network can access the data but those inside can, including insider threats. With simpler, cloud-delivered architecture from Zscaler, users can stay agile and scale without restrictions.

Increased productivity 

By using the principle of least-privileged access, user and device connections are made to only authorized applications. Improved application availability keeps users productive and focused on the task at hand, not distracted with figuring out how to connect to systems and devices. 

The supply chain, regardless of the industry, can take advantage of zero trust architecture to reduce risk while gaining more control and visibility into their critical systems, devices, and assets. Now, businesses can modernize their applications and infrastructure with scale and agility by implementing technology and processes on top of a zero trust strategy.

To learn more, sign up for our live panel discussion with leaders from Schmitz Cargobull, Microsoft, and SAP on November 8: Securing Third-Party and Supply Chain Access to Critical SAP Applications with Zero Trust.