Mar 16-19, 2026Las Vegas, Nevada, NV
SAP Security
Featured Insiders
Upcoming Events
SAPinsider Las Vegas 2026
Related Vendors
What Is Security?
Security is a broad term that can apply to many fields. In the area of IT, security refers to tools and strategies that prevent unauthorized access to organizational assets such as computers, networks, and data. Security is designed to maintain the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers and malicious insiders.
What Is Security?
Security is a broad term that can apply to many fields. In the area of IT, security refers to tools and strategies that prevent unauthorized access to organizational assets such as computers, networks, and data. Security is designed to maintain the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers and malicious insiders.
What Is SAP Security?
SAP security products and services help organizations to develop and administer solutions securely across on-premise, cloud, and hybrid environments. The SAP Trust Center includes links to various SAP security tools and services under five categories:
- Hybrid identity and access management: SAP Single Sign-On, SAP Identity Management, and SAP Access Control.
- Cloud identity services: SAP Cloud Identity Services – Identity Authentication, SAP Cloud Identity Services – Identity Provisioning.
- Secure development services: SAP Authorization and Trust Management service, SAP Credential Store, Cloud Connectors, and SAP Cloud Programming Model.
- Risk and compliance: SAP Cloud Identity Access Governance, SAP Data Retention Manager, SAP Customer Data Cloud, and SAP Data Privacy Integration.
- Security support services: SAP Security Optimization, SAP MaxAttention, and Security Service and Support Offerings.
Further Resources for SAPinsiders
Trust Matters! The SAP Security Strategy and Roadmap. This presentation by Anne Marie Colombo, Cybersecurity Solution Advisor at SAP, provides an overview of SAP’s security strategy as well as its related solutions and products. The presentation explains how the latest solutions and services, such as SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, and SAP Identity Management, can bring value to your enterprise security platform.
Insights for Your Emerging SAP Security Strategy. In this blog post, SAPinsider discusses security with key leadership from SAP security company Onapsis. The discussion ranges across many topics, from the state of SAP software and enterprise security to Onapsis’s acquisition of Virtual Forge and its impact on the SAP customer base.
Application Security Imperiled by Attackers. Application security is being threatened by cyberattacks on the application layer, such as SAP S/4HANA systems, which target valuable resources organizations store there, observe SAP’s Arndt Lingscheid, Global Solution Owner Cybersecurity and Data Protection, and Martin Mueller, Presales and Program Manager, SAP Security Suite. Companies need to deploy real-time detection and response to deal with the rise in attacks against the SAP application layer level, they argue.
Vendors that can help SAP customers with security include: Appsian Security, Fastpath, Fortinet, Layer Seven Security, Lookout, Onapsis, Security Weaver, Xiting, and Xpandion.
152 results
Tackling SAP Security Audits – Tips to Avoid the SAP Security Mop and BucketJun 14, 2023 — In this presentation, Tina, an experienced Compliance Consultant, shares valuable insights on navigating SAP audits and ensuring compliance with regulatory and audit requirements. Learn how to audit IT controls effectively, assess the alignment of your organization with SAP audit requirements, and establish policies and procedures to handle SAP audits. Tina's expertise, gained from over 20 years of experience in SAP Security and Compliance, will provide practical tips for obtaining buy-in from senior management, involving business role owners, and confirming SoD policies.
1 minute read
Case Study: Aker Solutions reduced access risk by 85% with SoterionMay 10, 2023 — Aker Solutions faced a growing SAP access risk problem with 1.5 million potential access risks, but Soterion's GRC solutions reduced risks by 85% in just six months. With Access Risk Manager and Basis Review, Aker Solutions achieved increased regulatory compliance, efficiency, and effectiveness while mitigating risk.
1 minute read
SAP Security and the Provisioning of SAP AccessMay 10, 2023 — This article highlights the evolution of SAP security, access control (GRC), and IAM solutions, and discusses how organizations can choose the right solution for their needs, including a hybrid model. The article emphasizes the importance of collaboration between SAP security and cyber teams and encourages readers to consider their organization's needs, business objectives, SAP footprint, and risk management priorities before making a decision.
1 minute read
Three Essential Security Considerations for Your SAP S/4 ImplementationApr 20, 2023 — SAP S/4 implementations can and do bring improved operational efficiency to organizations, but only if they get their implementations right. Given the speed of innovation, new cyber threats, and a changing regulatory landscape, managing risk is a central challenge to SAP S/4 implementations. With SAP S/4, what was once the organization’s core ERP has become both broader in scope and more heterogeneous.
As a result, implementation efforts must include careful consideration of security, compliance, and controls issues to fully integrate the design and deployment of S/4 with the larger ecosystem. It is critical that the implementation team shares a common vision for these matters for both cloud and on-premise systems to properly secure the environment end-to-end.
6 minute read
Five Key Steps for Infrastructure SecurityApr 19, 2023 — Security should be top of mind for all businesses that rely on SAP landscapes for mission-critical business functions. Cyberattacks can affect not just the SAP system, but also those of other connected systems. Issues like limited visibility and unpatched systems increase the likelihood of cyberattacks, as well as other system failures. Yet organizations must also ensure availability so their teams can access necessary products.
For this article, SAPinsider spoke with Grant Bennett, Global Vice President of SAP Sales at SUSE, to highlight five key considerations all organizations should make when designing their SAP infrastructure security strategy.
To maximize their security and minimize risk, organizations should rely on a secure operating system that has certain key security certifications. They should also integrate with SAP platform features and tools that keep SAP systems up to date with the latest patches.
Organizations should also take care to extend all security implementations across the entire SAP landscape, while keeping in mind that special considerations may be required for cloud deployments.
4 minute read
March 2023 Security Notes NewsApr 17, 2023 — Each month, SAPInsider reviews the previous month’s SAP Security Hot News and Notes to help SAPInsiders decide what to do with SAP’s recommendations. This blog breaks down the latest Security notes by vulnerability and risk rating, explains what the risks are, and makes recommendations to help with analysis, installation, and testing. The March 2023 blog looks at six specific critical and high -risk notes with access control, directory traversal, and code risks.
3 minute read
Masterclass: Reinvent the Wheel with SAP S/4HANA SecurityApr 12, 2023 — SAP has delivered nearly 15000 apps in the Fiori library. With this innovation driven to enhance user experience, there is a significant gap in managing risks. Prior to SAP S/4HANA only a single database user was needed, now with eHANA reporting users exist directly on the database and even datacenters are changing from private data centers to private cloud or even internet enabled. All these changes create risk which needs to be managed before the wheels fall off the cart.
1 minute read
Do I Really Need an SAP SECOPS Program?Nov 29, 2022 — Companies may not believe that an SAP SECOPS program is necessary, but there may be more factors at play than they considered. In this article, SAPinsider Bill Oliver will walk you through some of the key considerations that SAP users must make when setting up their overall security plan.
Some organizations that simply having their SECOPS team monitor their current system infrastructure is sufficient. However, it is worth considering what level of expertise your team has with SAP itself. SAP systems require different security considerations and protocols in the event of a breach.
Oliver will highlight some of the more high-profile types of breaches and vulnerabilities relating to SAP systems that are known to the public. Once the need for an SAP-dedicated SECOPS program is in place, a good place to start is the NIST Cybersecurity Framework. This guidance will allow your organization to manage and reduce risk.
5 minute read
Preventing SAP Security VulnerabilitiesNov 15, 2022 — The move to SAP S/4HANA comes with its own set of challenges. As SAP landscapes evolve to support business-critical processes with enhanced controls for managing and monitoring, there is an increased need for comprehensive approaches and platforms that cover all aspects of security, including data and application to detect complex cyberattack patterns and anomalies in SAP systems. Especially during and after SAP S/4HANA migration, organizations are prone to newer vulnerabilities. Manual periodic security monitoring and audits no longer ensure adequate protection. This has intensified the need for organizations to go beyond preventive measures towards adopting approaches that detect and respond in real-time. While continuous monitoring is key to strong cyber defenses, using real-time intelligence to detect and neutralize cyber-attacks is imperative for organizations. SAP’s security monitoring and threat detection, a managed service, offers 24/7 monitoring and collects, correlates, and analyzes anomalous and suspicious events across the SAP system landscape in real-time, and supports organizations in detecting threats before they happen.
1 minute read