create J2EE backdoors
Hold on, SAP is based on Java? And the 2003-ish enterprisy framework of J2EE (as opposed to JEE) from a time when Sun didn't exactly know how to even design such a thing? Say it ain't so!
"The big surprise is that SAP cyber security is falling through the cracks at most companies due to a responsibility gap between the SAP operations team and the IT security team,"
O'Really? You know the scenario:
1) CFO demands SAP
2) Ops say "We can't support this unless we get a big increase in manpower and clean up the existing shit & processes for a year or two"
3) Board gives go-ahead because what does Ops know, they don't have business sense, wrong priorities and are not team players anyway
4) Any outlays go to SAP "consultancy and configuration", no money left for any issues raised under 2)
5) Wild installation into a "hands-off" operating mode where a super-expensive eejit drops by twice per year to "tune the SAP install"
7) "WHY DIDN'T OPS TELL US THERE WERE PROBLEMS WITH SECURITY?"