Meet the Authors

Key Takeaways What you need to know
  1. Pathlock and NTT DATA Business Solutions announced a managed SAP security service that delivers 24/7 monitoring through global SOC operations.

  2. The service embeds Pathlock Nexus cybersecurity application controls across vulnerability management, code scanning, transport control, threat detection, application profiling, and dynamic data security.

  3. Pathlock’s SAP-certified Clean Core status with RISE with SAP positions the service for organizations moving from ECC to S/4HANA cloud environments.

Pathlock and NTT DATA Business Solutions announced a global strategic partnership June 16 to deliver managed SAP cybersecurity services, embedding Pathlock’s Cybersecurity Application Controls solution directly into NTT DATA Business Solutions Security Operations Center (SOC) infrastructure.

The collaboration targets a common operational challenge in enterprise SAP environments: rising exposure to ransomware, insider threats, and financial fraud at a time when SAP security professionals are stretched thin. Pathlock CEO Damon Tompkins describes SAP systems as “one of the most under protected layers in enterprise cybersecurity,” and the partnership is designed to address that condition at scale.

SAP Cybersecurity Gap Drives Managed Service Launch

Explore related questions

Many enterprises run interconnected SAP environments spanning ERP, finance, procurement, and supply chain systems — environments that require specialized, continuous security coverage that most organizations cannot staff internally.

Jonathan Stross, Pathlock’s senior product manager for cybersecurity research and innovation, described the problem directly: “Critical incidents don’t wait for business hours, and when they occur, there’s often no SAP security expert available to respond.”

The managed service responds to that gap by routing 24/7 monitoring, threat detection, and governance support through NTT DATA Business Solutions’ global SOC.

Claus Tscherner, head of global business managed services product management at NTT DATA Business Solutions, explained the rationale behind the partnership: “SAP ERP sits at the heart of our customers’ business processes, and securing it requires deep application expertise and continuous support.”

Pathlock Nexus Packages Identity and Security for SAP

The technical foundation of the managed service is Pathlock Nexus, which Pathlock positions as an AI-native governance fabric for ERP and business-critical applications.

The platform converges identity governance, application controls, audit assurance, and cybersecurity into a single architecture. Pathlock positions the platform against a common enterprise condition: identity, GRC, and audit functions running on separate tools, creating blind spots where threats that cross all three go undetected.

Within the partnership, customers gain access to six modules from Pathlock’s Cybersecurity Application Controls solution: vulnerability management, code scanning, transport control, threat detection, an application profiler, and dynamic data security controls.

The threat detection module analyzes more than 70 log sources against more than 1,500 threat detection signatures. Transport control continuously monitors and blocks code changes containing security vulnerabilities before they reach production — a capability Pathlock specifically positions for organizations in the middle of SAP S/4HANA migrations.

Nexus also governs non-human identities — AI agents, bots, and service accounts — under the same framework as human users. Pathlock notes that non-human identities outnumber human users 20-to-1 in many enterprises.

Clean Core Certification Opens the S/4HANA Market

A material condition enabling the partnership is Pathlock’s SAP-certified Clean Core status with RISE with SAP, achieved in May 2026. Clean Core certification validates that Pathlock’s solutions operate without modifying SAP’s underlying code, a technical requirement for enterprises migrating to S/4HANA in the cloud.

NTT DATA Business Solutions, meanwhile, holds SAP Platinum partner status and focuses on the global mid-market and lower large enterprise segment — the customer tier most actively navigating the ECC-to-S/4HANA migration window. The certification, combined with the managed service delivery model, removes two adoption barriers simultaneously.

The partnership also extends NTT DATA Business Solutions’ single-subscription managed service provider model, which consolidates advisory, implementation, and managed services into one contract. The Pathlock-powered cybersecurity service adds a security and compliance layer to that existing portfolio, complementing NTT DATA Business Solutions’ ServiceNow Elite Partner status and Microsoft ecosystem relationships.

What This Means for SAPinsiders 

  • Managed SAP security moves into the midmarket. Enterprise-grade SAP security has historically required dedicated internal teams that most mid-market organizations cannot sustain. SAP practitioners at organizations of similar scale are increasingly evaluating managed service alternatives as a path to continuous protection.
  • Non-human identity governance enters SAP security conversations. AI agents and service accounts executing financial transactions without human oversight have introduced a governance gap that traditional access certification tools were not built to address. Security and compliance teams at large SAP organizations are beginning to include non-human identity coverage as a baseline requirement in vendor evaluations.
  • Clean Core compliance shapes the SAP security vendor landscape. As more enterprises commit to S/4HANA cloud migrations under RISE with SAP, Clean Core certification is becoming a threshold requirement rather than a differentiator. SAP-focused security and governance vendors without certification are increasingly finding their solutions excluded from shortlists at organizations with active migration timelines.

 

Events

29Oct
SAPinsider Summit New Orleans 2026New Orleans, Louisiana, United States
View All