Utilities | Aachen | approx. 100 employees
ProCom is family-owned and has been advising customers and providing IT solutions for the energy sector for nearly 40 years. ProCom offers individual solutions along the entire value chain from production and transmission to trading. At the heart of its portfolio are the BoFiT and ITA platforms. These solutions create more process and energy portfolio transparency in any time horizon and market with optimization and forecasting capabilities. ProCom is an important contributor to the energy transformation program in Germany.
Further information is available at www.procom.eu
- Lack of transparency regarding potential security vulnerabilities.
- Risk of data loss, integrity issues, or availability disruptions.
- Potential business impact, including reputational damage and contractual penalties.
- Increased complexity due to interfaces, web services, and database access points.
- Execution of a grey-box penetration test by Natuvion.
- Analysis of the web interface, REST APIs, and database endpoints.
- Application of the OWASP Web Security Testing Guide (WSTG v4.2).
- Continuous feedback and verification of remediated vulnerabilities.
- Closure of critical vulnerabilities prior to go-live.
- Significantly enhanced application security posture.
- Enablement of developers through hands-on pentesting tool training.
- Sustainable foundation for future security audits.
Objective
With the growing adoption of cloud applications, security considerations are becoming increasingly critical. During the development of its new web service, Thedora RD, ProCom aimed to ensure the highest security standards before bringing the application to market. In particular, the integration into existing enterprise landscapes such as SAP S/4HANA required potential risks to be identified and mitigated at an early stage.
The objective of the project was therefore to conduct a comprehensive and independent security assessment in order to identify and remediate vulnerabilities while providing customers with transparent proof of the application’s security level. To achieve this, ProCom relied on Natuvion’s cybersecurity expertise.
Industry: Utilities
Key service: Application security assessment
Project approach: Security audit
Project duration: -
Source system: Thedora RD
Target system: Thedora RD
Detailed project overview
Minimizing business risks and ensuring transparent security standards
Without a comprehensive security assessment, ProCom faced significant and difficult-to-evaluate risks. Undetected vulnerabilities within the new cloud service could have resulted in operational disruptions or compromised the confidentiality and integrity of sensitive customer data. Such security gaps would not only have had technical consequences but could also have caused substantial business damage, including reputational harm and contractual penalties.
At the same time, it was essential to consider that modern web services are interconnected through numerous interfaces and integrated tightly with other systems. This significantly increases the complexity of security requirements. ProCom therefore required a structured and methodologically sound assessment covering not only the web interface but also APIs and database access points.
Proven and standardized testing methodology
To assess the security of the application, Natuvion conducted a comprehensive grey-box penetration test. Following a technical introduction to the functionality of Thedora RD, Natuvion’s security experts performed a targeted analysis of the web interface, REST APIs, and relevant database endpoints of the cloud service.
The assessment was based on the industry-recognized OWASP Web Security Testing Guide (WSTG v4.2). This structured methodology ensured a comprehensive and transparent evaluation of the application’s security posture. Identified vulnerabilities were communicated directly to ProCom, so that remediation measures could be implemented during the development phase. Natuvion subsequently verified the effectiveness of the corrective actions taken.
At the conclusion of the project, ProCom received detailed documentation containing all analysis results, concrete recommendations for action, and an overall assessment of the application’s security level. This documentation also serves as independent proof of security for customers and stakeholders.
Enhanced security posture and long-term enablement
As a result of the security assessment, ProCom was able to significantly strengthen the security posture of its cloud service, Thedora RD, prior to market launch. Potential vulnerabilities were identified and remediated at an early stage, substantially reducing operational risks for the future production environment.
In addition, ProCom’s developers received training in the use of penetration testing tools. This enables the company to independently evaluate new functionalities for security-related issues in the future and to identify potential vulnerabilities at an early stage. Beyond the technical improvements, ProCom also benefits from a business perspective: the application now has an external and independent security assessment that helps build trust with customers. At the same time, the project establishes a solid foundation for future security audits and the long-term maintenance of high security standards.
After the initial audit preparation phase there was little need to get involved further. Our collaboration with Natuvion reached a level of high efficiency. While we focused on the go-live activities, Natuvion provided very specific feedback to areas which needed improvement. We were able to incorporate the feedback into the development process, making our application already more secure during that phase. Now we can be certain that our cloud service meets high security requirements, and it is confirmed to our customers.

