Apr 3, 2024
•2 minute read
SAP Security
What Is Security?
Security is a broad term that can apply to many fields. In the area of IT, security refers to tools and strategies that prevent unauthorized access to organizational assets such as computers, networks, and data. Security is designed to maintain the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers and malicious insiders.
What Is Security?
Security is a broad term that can apply to many fields. In the area of IT, security refers to tools and strategies that prevent unauthorized access to organizational assets such as computers, networks, and data. Security is designed to maintain the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers and malicious insiders.
What Is SAP Security?
SAP security products and services help organizations to develop and administer solutions securely across on-premise, cloud, and hybrid environments. The SAP Trust Center includes links to various SAP security tools and services under five categories:
- Hybrid identity and access management: SAP Single Sign-On, SAP Identity Management, and SAP Access Control.
- Cloud identity services: SAP Cloud Identity Services – Identity Authentication, SAP Cloud Identity Services – Identity Provisioning.
- Secure development services: SAP Authorization and Trust Management service, SAP Credential Store, Cloud Connectors, and SAP Cloud Programming Model.
- Risk and compliance: SAP Cloud Identity Access Governance, SAP Data Retention Manager, SAP Customer Data Cloud, and SAP Data Privacy Integration.
- Security support services: SAP Security Optimization, SAP MaxAttention, and Security Service and Support Offerings.
Further Resources for SAPinsiders
Trust Matters! The SAP Security Strategy and Roadmap. This presentation by Anne Marie Colombo, Cybersecurity Solution Advisor at SAP, provides an overview of SAP’s security strategy as well as its related solutions and products. The presentation explains how the latest solutions and services, such as SAP Cloud Platform Identity Authentication, SAP Cloud Platform Identity Provisioning, SAP Enterprise Threat Detection, SAP Single Sign-On, and SAP Identity Management, can bring value to your enterprise security platform.
Insights for Your Emerging SAP Security Strategy. In this blog post, SAPinsider discusses security with key leadership from SAP security company Onapsis. The discussion ranges across many topics, from the state of SAP software and enterprise security to Onapsis’s acquisition of Virtual Forge and its impact on the SAP customer base.
Application Security Imperiled by Attackers. Application security is being threatened by cyberattacks on the application layer, such as SAP S/4HANA systems, which target valuable resources organizations store there, observe SAP’s Arndt Lingscheid, Global Solution Owner Cybersecurity and Data Protection, and Martin Mueller, Presales and Program Manager, SAP Security Suite. Companies need to deploy real-time detection and response to deal with the rise in attacks against the SAP application layer level, they argue.
Vendors that can help SAP customers with security include: Appsian Security, Fastpath, Fortinet, Layer Seven Security, Lookout, Onapsis, Security Weaver, Xiting, and Xpandion.
How SAP Users Can Optimize Cloud Migration by Leveraging PartnershipsThe countdown toward the deadline for SAP ECC maintenance in 2027 is getting closer and closer for SAP users. Cloud migration is now one of the most discussed and sought-after ERP enhancements. Knowing how complex the transformation is going to be for many companies, SAP has been consistently developing and enhancing its RISE with SAP […]
Modernizing Enterprise SAP Application Infrastructure with CyberTechClient Overview A global manufacturing leader faced significant technical roadblocks in evolving their legacy SAP landscape. Their systems were hampered by outdated infrastructure and repeated failed migration attempts, restricting growth and innovation. Our team stepped in to stabilize and modernize the client’s application environment, paving the way for scalability and new feature development. The Challenge […]
Mar 12, 2026
•2 minute read
Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang’s LLM Serving FrameworkOrca Security identified multiple unsafe deserialization vulnerabilities in SGLang, a widely used AI/ML framework, leading to three critical CVEs that allow unauthenticated remote code execution and insecure deserialization, with no response from maintainers or available patches.
Mar 12, 2026
•12 minute read
Beyond the Sticker Price: Understanding the True Cost of Your Security ToolsTo effectively maximize risk reduction within budget constraints, cybersecurity leaders must consider the Total Cost of Ownership (TCO) by evaluating five critical budgets—tool acquisition, team time, organizational impact, overhead, and downtime costs—beyond just the initial tool purchase price.
Mar 12, 2026
•2 minute read
Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation EnvironmentsA critical vulnerability (CVE-2026-2441) in Google Chrome and Chromium allows attackers to execute arbitrary code via malicious web content, requiring immediate updates across various environments, including cloud and automation, to mitigate exploitation risks.
Mar 12, 2026
•2 minute read
Critical CVE-2026-1731 Vulnerability in BeyondTrust Remote Support and PRA Exposes Systems to Remote Code ExecutionA critical vulnerability (CVE-2026-1731, CVSS 9.9) in BeyondTrust Remote Support and Privileged Remote Access allows unauthenticated attackers to achieve remote code execution via crafted WebSocket messages, confirmed to be exploited actively, necessitating immediate patching for affected versions.
Mar 12, 2026
•10 minute read
Getting Ready for the AI Era: A CISO’s Guide to AI Security StrategyThe AI era drastically escalates the scale of risk for security teams, necessitating a paradigm shift in approach rather than reliance on traditional methods or tools, emphasizing education, visibility, and architectural investment.
Mar 12, 2026
•5 minute read
Post-Exploitation at Scale: The Rise of AILMAI-Induced Lateral Movement (AILM) is an emerging post-exploitation attack vector expected to gain prominence by 2026, leveraging organizations' AI layers as pivots for lateral movement, thereby increasing attack surfaces and leading to severe security incidents like credential theft and remote code execution.
Mar 12, 2026
•7 minute read
Unlocking Kubernetes Security: Insights from Our Session at SANS Kubernetes & CNAPP ForumThe SANS Kubernetes & CNAPP Forum emphasized the importance of using unified CNAPP strategies to enhance security in Kubernetes environments, enabling organizations to effectively manage and protect their cloud-native applications against evolving threats.
Mar 12, 2026
•1 minute read
AI for Security vs. Security for AIAI is reshaping cloud security—but it’s also expanding the attack surface. Many organizations are using AI to defend the cloud while overlooking the need to protect the AI systems themselves. This quick-reference cheat sheet breaks down both sides of the challenge: using AI to strengthen cloud defenses, and securing AI as a workload. What you’ll […]
Mar 12, 2026
•1 minute read
SAP Security Patch Day: Monthly Updates and Risk AnalysisSAP Security Patch Day is a recurring moment of risk assessment for SAP customers. This article provides a continuously updated analysis of the vulnerabilities that most affect enterprise exposure, explaining why they matter operationally and how practitioners should prioritize response.
Mar 11, 2026
•4 minute read
Featured Insiders
Popular Insights
Events
SAPinsider Las Vegas 2026Las Vegas, Nevada, NV
Mastering SAP Collaborate – Auckland 2026Auckland, New Zealand
Mastering SAP Collaborate – Singapore 2026Singapore, Singapore
Mastering SAP Connect – Gold Coast 2026Gold Coast, QLD, Australia
