Mar 16-19, 2026Las Vegas, Nevada, NV
SAP Data Security
Featured Insiders
Upcoming Events
SAPinsider Las Vegas 2026
Related Vendors
What Is Data Security?
Data security is the practice of protecting data from unauthorized access, corruption, or theft throughout its lifecycle. Data security includes every aspect of information security, from the physical security of hardware and storage devices to administrative and access controls and application security. It also includes putting in place specific controls, standard policies, and procedures to protect data from a range of threats.
What Is SAP Data Security?
SAP security for the intelligence enterprise falls into four categories: identity and access governance, data protection and privacy, cybersecurity, and enterprise risk and compliance. In the data protection and privacy area, SAP has implemented a wide range of measures to help protect data controlled by SAP and its customers. These measures include:
What Is Data Security?
Data security is the practice of protecting data from unauthorized access, corruption, or theft throughout its lifecycle. Data security includes every aspect of information security, from the physical security of hardware and storage devices to administrative and access controls and application security. It also includes putting in place specific controls, standard policies, and procedures to protect data from a range of threats.
What Is SAP Data Security?
SAP security for the intelligence enterprise falls into four categories: identity and access governance, data protection and privacy, cybersecurity, and enterprise risk and compliance. In the data protection and privacy area, SAP has implemented a wide range of measures to help protect data controlled by SAP and its customers. These measures include:
- Data Processing Agreements: SAP signs data processing agreements with its cloud services provider, which mirror the terms of SAP’s customer-facing data protection agreement and include standard contractual clauses (SCCs). SAP implements and maintains technical and organizational measures to adequately protect personal data.
- Data Transfer Impact Assessments: SAP publishes FAQs to support customers with questions related to data transfer impact assessments when they are using SAP Cloud services.
- Data Protection Management System: The SAP data protection management system uses SAP’s data protection controls framework for all internal data protection and privacy controls, which cover the requirements of international industry standards.
- Internal Data Protection: SAP regularly trains employees and ensures data protection compliance with regular audits on the business and legal entity levels.
Further Resources for SAPinsiders
10 Best Practices for Enforcing Data Security, Control, and Consistency in the Software Logistics Process. In this article, security architect Kehinde Eseyin provides best practices, tips, and guidelines for ensuring that the process of making changes and transporting changed data in the SAP ABAP system is well secured against possible security threats and risks.
A Holistic Approach to Managing Cybersecurity & Protecting Your Data. This article provides tips and best practices to secure your data in the intelligent enterprise. SAP offers nearly a dozen solutions employed by many organizations — including SAP itself — to respond to compliance and security requirements and, in the event of a breach, minimize the impact, relates Bruce Romney, Senior Director of Product Marketing for SAP Governance, Risk and Compliance (GRC) and Security Solutions.
Overview of SAP Cybersecurity and Data Protection Solutions. In this presentation, Arndt Lingscheid, Global Solution Owner Cybersecurity and Data Protection at SAP SE, details steps organizations can take to secure the SAP S/4HANA business application environment.
Vendors that can assist SAP customers with data security include: Appsian Security, Capgemini, Fastpath, HPE, Intel, Kyriba, Layer Seven Security, NetApp, Onapsis, Rackspace, Saviynt, Security Weaver, Thales, Virtustream, Xiting, and Xpandion.
50 results
Jabil Deploys UI MaskingAug 18, 2021 — The proliferation of data privacy regulations and laws, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), has prompted organizations to beef up their data privacy and protection. One way to protect data without the inconvenience of encryption is data masking or user interface (UI) masking.
One company taking full advantage of UI masking is Jabil, a St. Petersburg, Fla.-based global manufacturing services company. It operates 100 plants in 30 countries and has 260,000 employees worldwide. The company updated its SAP GRC and security environment, including implementing UI masking to protect sensitive data.
Read this article and learn more about Jabil's UI data masking and other cybersecurity measures.
4 minute read
How to prioritize security measures to avoid an SAP data breachAug 17, 2021 — With the increasing number of Cyberattacks in different forms, organizations need to avoid the high cost and significant business impact of a potential SAP data breach. Traditional network security does not provide adequate protection of the data in your SAP systems against insider and outsider attacks. In this session, John Mortimer, Security Consultant at CyberSafe, will discuss examples of data breaches, ways to avoid the attacks, introduce products and tools available to reduce the risk of a data breach, and show a product demonstration which highlights how to avoid a data breach using strong user authentication.
Attend this session to learn how to:
- Assess the risk of an insider attack for the SAP system landscape in your organization.
- Identify the weakest links and prioritize security measures to avoid them.
- Implement strong user authentication for users with access to high-risk data in your SAP systems.
1 minute read
How to prioritize security measures to avoid an SAP data breachJun 8, 2021 — With the increasing number of Cyberattacks in different forms, organizations need to avoid the high cost and significant business impact of a potential SAP data breach. Traditional network security does not provide adequate protection of the data in your SAP systems against insider and outsider attacks.
In this session, John Mortimer, Security Consultant at CyberSafe, will discuss examples of data breaches, ways to avoid the attacks, introduce products and tools available to reduce the risk of a data breach, and show a product demonstration which highlights how to avoid a data breach using strong user authentication.
Attend this session to learn how to:
- Assess the risk of an insider attack for the SAP system landscape in your organization
- Identify the weakest links and prioritize security measures to avoid them
- Implement strong user authentication for users with access to high-risk data in your SAP systems
1 minute read
Overview of SAP cybersecurity and data protection solutionsJun 7, 2021 — Cyber-attacks can have severe consequences when it comes to SAP S/4HANA applications. These attacks focus on the company’s application layer and use privileged user accounts. Unfortunately, many security departments see the SAP application layer as a “black box,” and assume the security of SAP applications as the responsibility of their Basis or SAP application colleagues, leaving these applications at risk.
Securing an SAP S/4HANA business application environment involves more than roles and authorizations. The loss of sensitive data can lead to severe penalties, damages reputation, and endanger the overall business of businesses within minutes.
In this session, you will:
Understand the challenges and needs to secure your SAP landscape
- Know how security frameworks can help lay the foundation for a strong security strategy
- Explore SAP’s portfolio of security and compliance solutions through the lens of the Cybersecurity Framework provided by the National Institute of Standards and Technology (NIST)
- Get overview to the toolkit for creating a comprehensive security strategy to meets your unique needs
- Learn to control the activities with a security infrastructure to meet compliance and business requirements and get insight that helps those at the C level make better decisions
1 minute read
Integrated UI Data Protection: Take protection of your crown jewel data assets to the next levelJun 7, 2021 — The SAP solutions for UI data protection are evolving. Join this session for the debut introduction to the first integrated release of UI Masking and UI Logging.
Attend this session to:
- Experience a comprehensive demo of many new features, such as data blocking and ‘Reveal on Demand’ with attribute-based authorizations
- Know how these data accesses are reflected in the latest analysis views with basic and conditional logging and discover a new analysis option for change logging
- Explore the solutions’ roadmap and learn about our teams’ activities in the authorization and encryption realms
1 minute read
Cybersecurity and Data Protection: Taking an Integrated ApproachMay 20, 2021 — By Fred Donovan, Senior Editor, SAPinsider “The threat actor only needs to be right once. We need to be right every time,” says Scott Margolis, Managing Director for the Data Privacy and Protection Practice at Ernst & Young (EY). The best way to stay ahead of threat actors, considering the global shift to remote work, is to implement an “integrated approach” to […]
2 minute read
How to Get the Most out of Using the Security Audit Log — From configuration to monitoringJan 25, 2021 — The Security Audit Log in SAP records security-related system information such as unsuccessful logon attempts, changes to user master records, and RFC calls. The Security Audit Log keeps a record of these activities for your review and investigation. Attend this session to gain a comprehensive overview of what the Security Audit Log is, how to configure and set up the Security Audit Log, and how best to use it.
In this session, you will:
- Walk through the configuration steps for setting up the Security Audit Log and understand the best ways to report and monitor the events
- Gain an understanding on what types of activities can and should be monitored, including unsuccessful transaction starts, RFC calls to function modules, unsuccessful RFC logon attempts, and unsuccessful logon attempts
- Discover the best ways of selling the use of the Security Audit Log to senior management
1 minute read
Trust Matters! The SAP Security Strategy and RoadmapJan 25, 2021 — This session provides an up-to-date overview of SAP security strategy as well as their related solutions and products. The intelligence and persistence of potential threats is only increasing. There is growing attention on SAP systems as they house organization’s most critical data and business assets. SAP is expanding its security expertise and solution portfolio accordingly.
In this session you will:
- Gain an introduction to the latest security features that will help you protect on-premise, hybrid and cloud architectures
- Understand how the latest solutions and services such as SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, and SAP Identity Management can bring value to your enterprise security platform
- Get a detailed explanation of security features related to SAP’s platform-as-a-service offering, SAP Cloud Platform
1 minute read
Bridging the Cybersecurity Gap in ITGCOct 22, 2020 — Compliance with regulations like Sarbanes-Oxley (SOX) often require a set of controls in place to mitigate risks to the integrity of financial reporting. Current ITGC testing performed by internal and external auditors is only focused on one slice of access risk. Different entry points into SAP systems are overlooked and present a higher level of risks that are currently not even assessed. How would you and your organization respond if presented with a scenario where you could 'ace' your ITGC audit and still be completely exposed?
In this session participants will:
- Be provided a snapshot of the current ITGC testing approaches commonly applied by auditors
- Learn the shortcomings of these approaches
- Understand the threats that exist to your SAP beyond the current ITGC scope and how they relate to compliance (specifically Sarbanes-Oxley)
- See how you can mitigate these risks BEFORE your internal and external audit
1 minute read
Recap of “Evolving Your SAP Security and Compliance Strategy in the Era of Cloud and SAP S/4HANA”Aug 18, 2020 — By Annie Kennedy, Associate Conference Producer Jason Fruge (JF), Vice President, Business Application Cybersecurity at Onapsis, was the expert in the Q&A titled “Evolving Your SAP Security and Compliance Strategy in the era of Cloud & SAP S/4HANA,” which aired live on day 1 of SAPinsider’s 2020 Virtual Conference Experience. Although Jason is a more than 20-year security practitioner, […]
3 minute read