Challenge.
Based in northern Germany, Varelmann Beratungsgesellschaft mbH has been a reliable partner for SAP application customers for 25 years. With over 80 employees across locations in Oldenburg, Stuttgart and Fulda, it is a service and consulting partner for SMEs throughout Germany when it comes to implementing SAP solutions, offering its own solutions and application support models. With Varelmann always at the cutting edge of technical innovations in the field of SAP strategies and solutions, the consultants understand the risks posed by the ever-increasing threat of cyberattacks. As the risks multiply, it’s now more critical than ever for every business to a have a robust cybersecurity strategy in place, and against this backdrop, Varelmann sought to evaluate and optimise the security measures it already had in place. The aim was to objectively identify and resolve any potential security vulnerabilities, but to do so, Varelmann needed a holistic overview of its security and a partner that would develop a specific strategy tailored to the company’s needs.
The B-Hard Security Assessment is more like an audit during which stakeholders communicate with each other. I can equate the results of the analysis to a thriller, a schematic evaluation is an impressive way to see how big the gaps in defences can be and how much of an aberration it can be when you think you are secure. Many people assume that they are safe in the cloud, but a schematic evaluation can be very helpful. Going through the checklists was an interesting experience as they raised our awareness and made us think about things we’d never really considered before or helped us understand that there were was a lot more going on than we thought.
Khaled Kourouche, IT Management IT /QM Head, Varelmann Beratungsgesellschaft mbH
Solution.
With its tailored B-Hard Security Assessment, Bechtle is offering a systematic approach that can be utilised according to requirements and threats. Varelmann Beratungsgesellschaft mbH made the decision to leverage the innovative framework, not least because it has been developed specifically to precisely analyse corporate security architecture, uncover potential vulnerabilities and provide robust recommendations for action. The assessment’s methodical approach consisting of a preparatory phase, implementation and presentation of results enabled Bechtle to provide a comprehensive and in-depth analysis of Varelmann’s security landscape. The intensive preparatory phase laid the foundations for the assessment with Bechtle informing all stakeholders about the upcoming steps and preparing them for their specific roles. Varelmann readied their systems for the security check, business partners were informed about the impending scans and the company identified contacts for Bechtle. At the top of the agenda was to create an accepting environment for the assessment to take place. After two days of preparation, Bechtle was on-site for two days, carrying out interviews, viewing documents, carrying out inspections and defining the assessment’s objectives. The approach is similar to an audit, and so this was a busy time for Varelmann. The systematic and objective interview checklists raised awareness of potential dangers and provided Varelmann with a host of insights. As well as the system review provided by technical scans and strategic analyses, Bechtle also showed Varelmann a range of scenarios such as what could happen if a hacker attacks. In this way, Bechtle uncovered critical vulnerabilities and provided valuable insights into Varelmann’s technical and organisational security structure. To round off the assessment, Bechtle provided a detailed presentation of the top 10 vulnerabilities found along with recommendations for action tailored to Varelmann. Bechtle’s critical and neutral perspective identified all specific risks and documented them in a final report that also included clear strategies for action that allowed Varelmann to bolster its security measures and ensure it is ready to tackle cyber threats more effectively. Jointly developed and implemented, the cloud security strategy was also approved by external experts, which made the process even more objective and of a higher quality.
Business benefits.
Bechtle’s B-Hard Security Assessment carried out at Varelmann Beratungsgesellschaft mbH has complemented its cloud environment’s security measures to boost its cyber resilience. The neutral, external perspective, clear analysis of the current security level, and specific and easy-to-implement recommendations for action helped Varelmann to strengthen its information and data protection strategy to better protect sensitive customer and corporate data. Furthermore, Varelmann gained a cost-efficient and targeted guide for further extend its information security strategy.