Fortify Your Future: The New Era of SAP Security
What is SAP Security?
SAP Security encompasses the strategies, technologies, and practices designed to protect SAP systems, applications, and data across on-premise, cloud, and hybrid landscapes. It addresses key domains such as identity and access governance, data protection and privacy, cybersecurity and threat protection, and compliance controls.
With increasing adoption of SAP’s intelligent enterprise platform, S/4HANA, SAP Business Technology Platform (BTP), and RISE with SAP, the security posture of SAP environments has become more complex and more critical than ever. Enterprises must defend against sophisticated cyberattacks, embedded vulnerabilities, and evolving compliance requirements.
SAP Security aims to:
- Ensure only authorized users and processes can access sensitive functions and data
- Protect confidential and regulated data against breaches or misuse
- Detect and respond to threats, intrusions, and anomalous behavior
- Embed security across development, operations, and transformations (i.e. security by design)
- Maintain compliance with industry standards, regulations, and audit requirements
Why SAP Security Matters
- High-value target: SAP systems often run mission-critical processes (finance, supply chain, HR), making them attractive targets for attackers.
- Complex ecosystems: Many organizations run hybrid environments (on-prem + cloud + third-party integrations), increasing attack surfaces.
- Rapid transformation: As companies migrate to S/4HANA or move workloads to cloud, they must ensure security is not an afterthought.
- Regulatory and compliance pressures: Regulations such as GDPR, SOX, NIS2, and industry-specific mandates demand strict controls over data and access.
- Shared responsibility models: In cloud or managed SAP models, security responsibilities can be split between vendor, cloud provider, and enterprise, requiring clear governance.
SAPinsider Security Resources!
- SAP CyberSecurity
- Research Reports
- 2 Min Read
Cybersecurity Threats and Challenges to SAP Systems 2025
Over the past year the number of cyber threats impacting enterprise landscapes, and the SAP systems that reside in them, continued to increase. Reflecting this increase in cyber threats, 23% of respondents reported that they experienced a credential compromise or social engineering attack, a malware or ransomware attack, or a cybersecurity attack that has impacted…
- SAP CyberSecurity
- Whitepapers
- 1 Min Read
Reported SAP Cyber Attack Severely Impacts Business Operations
- Technology Executive Forum
- Research Reports
- 1 Min Read
The Technology Leader’s 2025 Agenda for SAP
Cyber Security News from our Partners!
-
- SAP CyberSecurity
- Media Awareness Program
- 3 Min Read
New Onapsis Platform Updates Deliver Deeper SAP Security
As SAP systems face increasing cyber threats, Onapsis has announced new functionality in its platform to enhance security and patch management, emphasizing the importance of prioritizing SAP protection, securing executive support for cybersecurity initiatives, and adopting a layered defense strategy.
-
SAP Cybersecurity Q&A with Authors Gaurav Singh and Juan Perez-Etchegoyen
Authors Gaurav Singh and Juan Perez-Etchegoyen recently took part in the SAP PRESS Book Club webinar series, where they answered reader questions about cybersecurity for SAP over the course of an hour.
-
- SAP CyberSecurity
- Media Awareness Program
- 3 Min Read
SAP’s Hectic Six Months of Patching
In the first half of 2025, SAP’s release of 27 high-priority security notes, 14 HotNews updates, and several zero-day vulnerabilities, including one allowing unauthenticated file uploads, highlights the increasing sophistication of cyber threats targeting SAP systems, underscoring the necessity for customers to stay vigilant with patching, monitoring, and adopting layered cybersecurity measures.
-
The SAP Zero-Day Wake-Up Call: What CISOs and CIOs Need to Know
In recent months, an unprecedented wave of SAP zero-day attacks exposed critical structural weaknesses in the security programs of hundreds of the world’s leading organizations—raising urgent questions about detection, response, and long-term resilience of their business-critical applications. And while this made major headlines, many business leaders are still scrambling to understand what happened, what…
-
SAPinsider Research Webinar: Cybersecurity Threats and Challenges to SAP Systems 2025
July 10, 2025
Over the past year the number of cyber threats impacting enterprise landscapes, and the SAP systems that reside in them, continued to increase. Reflecting this increase in cyber threats, 23% of respondents reported that they experienced a credential compromise or social engineering attack, a malware or ransomware attack, or a cybersecurity attack that has impacted…
-
- SAP CyberSecurity
- Media Awareness Program
- 3 Min Read
Charting a Path to SAP Cloud Security
As businesses shift to the cloud, they encounter distinct security challenges that can hinder their ability to fully utilize cloud capabilities; adopting a ‘security by design’ approach and collaborating with experienced partners like Onapsis and Capgemini is crucial for ensuring data security and navigating new risks, particularly with the integration of AI.
-
- SAP CyberSecurity
- Media Awareness Program
- 3 Min Read
Understanding Threat Actors Attacking SAP with Onapsis
In April 2024, Onapsis, in collaboration with Flashpoint, released the ‘Ch4tter: Threat Actors Attacking SAP for Profit’ report, emphasizing the evolving cybersecurity risks facing SAP organizations and advocating for proactive measures like penetration testing and ongoing education to mitigate these threats.
-
- SAP CyberSecurity
- Media Awareness Program
- 3 Min Read
Onapsis Announces New Cybersecurity Book to Debut at SAPinsider Vegas 2025
At SAPinsider Vegas, technology leaders will gather to explore SAP landscape optimization and cybersecurity, highlighted by the release of Onapsis’s new book ‘Cybersecurity for SAP,’ co-authored by its CTO and focused on addressing security challenges amid rising cyber threats.
SAPinsider Security Resources!
-
- SAP CyberSecurity
- Articles
- 14 Min Read
A Leader’s Guide to the SAP GRC Framework
SAP GRC (Governance, Risk, and Compliance) is a crucial integrated framework that helps organizations navigate the complexities of compliance, risk management, and governance within increasingly regulated and threat-laden business environments, serving as both a tool and a strategic imperative for operational integrity.
-
- SAP CyberSecurity
- Articles
- 7 Min Read
Securing the Bridge: A Leader’s Guide to SAP BTP in Hybrid Architectures
The SAP Business Technology Platform (BTP) is crucial for innovation in hybrid environments but poses significant security risks due to its integration with core systems; thus, organizations must adopt comprehensive security strategies that include proactive monitoring, secure development practices, and strict identity management to protect against vulnerabilities and unauthorized access.
-
- SAP CyberSecurity
- Articles
- 6 Min Read
Beyond LNK Files: Unmasking the SAP Shortcut Phishing Threat
Attackers can exploit SAP Shortcut (.sap) files in phishing campaigns to execute remote code on user machines, bypassing traditional security measures, necessitating defenses such as blocking these attachments and implementing SAP security configurations.
-
- SAP CyberSecurity
- Articles
- 6 Min Read
New in The Onapsis Platform: Deeper SAP Insights and Automated Defenses
Onapsis has launched significant updates to The Onapsis Platform, including the SAP Notes Command Center, Rapid Controls, expanded Alert on Anything capabilities for SAP BTP, and enhanced Coverage Analysis in Onapsis Security Advisor, aimed at improving SAP application security by providing deeper insights, greater visibility, and more automation to help organizations effectively respond to an…
-
- SAP CyberSecurity
- Articles
- 4 Min Read
Onapsis and Microsoft Sentinel: End-to-End SAP Threat Monitoring for the SOC
Onapsis has integrated its threat monitoring product, Onapsis Defend, with Microsoft Sentinel Solution for SAP to enhance visibility and security for mission-critical SAP systems, enabling quicker detection and response to sophisticated threats.
-
- SAP CyberSecurity
- Whitepapers
- 1 Min Read
Reported SAP Cyber Attack Severely Impacts Business Operations
In April 2025, an SAP cyberattack halted operations at a leading global manufacturer, exposing critical business data and sending shockwaves through global supply chains. Security experts report that a recently released SAP exploit, now in the hands of multiple threat actor groups, has made it easier than ever for attackers to compromise vulnerable systems.…
-
Critical SAP Zero-Day Vulnerability Under Active Exploitation
Active exploitation of a critical zero-day vulnerability (CVE-2025-31324) in the SAP Visual Composer component allows unauthenticated attackers to gain full control over SAP systems, prompting SAP to release an emergency patch and urging customers to either apply it or disable access to the vulnerable component.
-
Anatomy of an Attack: Breaking Down a C2 Incident on SAP
Onapsis Research Labs detailed a security breach where an SAP system was compromised, transformed into a command and control bot through a vulnerability, and used to launch a distributed denial of service attack via Cloudflare.
-
- SAP S/4HANA
- Articles
- 5 Min Read
Securing SAP Remote Function Calls: The Crucial Role of S_ICF Authorization
The article discusses the importance of the S_ICF authorization object in SAP systems as a security measure to mitigate RFC hopping attacks by controlling access to RFC destinations and ensuring that only authorized users can initiate function calls, thereby reducing the risk of unauthorized privilege escalation following a cyber attack.
-
- SAP CyberSecurity
- Articles
- 3 Min Read
Vulnerabilities Affecting SAP AI Services
On July 17th, 2024, Hillai Ben-Sasson, a security researcher from the cloud company WIZ, released the results of research focused on SAP Cloud AI services, which was part of broader research into mainstream AI cloud providers, also including Hugging Face and Replicate. The researcher identified a set of weaknesses in the cloud infrastructure…
-
- SAP Security
- Whitepapers
- 1 Min Read
A Risk Driven Approach to SAP Application Security
SAP applications are foundational, business-critical systems. Their importance and overall complexity are exploding in scale, as organizations continue to support legacy systems while simultaneously transitioning to the cloud.
-
- SAP Security
- Articles
- 2 Min Read
Lessons from Onapsis-Flashpoint Report and Beyond
In the realm of enterprise resource planning (ERP) systems, security is a constant battleground. Despite the availability of patches for known vulnerabilities, the Onapsis-Flashpoint Ch4tter report sheds light on a worrying trend: increased attack activities on these critical systems.
-
- SAP CyberSecurity
- Articles
- 3 Min Read
Onapsis Continues to Set the Standard for More Complete SAP Application Security for RISE with SAP, SAP BTP, and S/4HANA Cloud
Market-defining innovation and comprehensive coverage lead to deeper visibility, stronger controls, and greater risk reduction for F500 SAP Organizations.
-
- SAP CyberSecurity
- Articles
- 4 Min Read
New Report Reveals Evidence of Increased Cybercriminal Interest in ERP Applications
Novel research report from Onapsis and Flashpoint details increasing interest and value of ERP security application vulnerabilities for ransomware and data breaches.
-
Deloitte & Onapsis Strategic Alliance
Deloitte and Onapsis Form Strategic Alliance to Help Shared Clients Secure SAP S/4HANA Cloud®, RISE with SAP® and Cloud ERP Digital Transformations.
