How to Make Your SAP Development More Secure

Written by Mario Agüero|Posted on September 21, 2022

header image

SAP is one of the biggest names in enterprise software, used in everything in administration, finance, human resources, supply chains, relationship management, and more. The German company’s software is so prevalent that 94% of the world’s 500 largest companies use it.

Today, SAP is connected to 87% of global business revenue. That makes it a tempting target for hackers, with cyberattacks on SAP applications growing substantially over the previous decade.

Challenges of Securing SAP

A recent report by security company Onapsis has identified some key challenges of securing enterprise software:

  • The pace of digital transformation has accelerated to the point that businesses simply do not have the IT resources to keep security updates up to speed.
  • Security is not prioritized by CFOs, who allocate budget toward other aspects of the business, leaving a company vulnerable as it rushes to adopt new systems without appropriate security measures.
  • Not many tools effectively secure SAP application development, and manual reviews are onerous, time-consuming, and often skipped.

The Role of Software Outsourcing

A 2020 PWC Pulse Survey reported that companies are spending less on security but more on workforce. Outsourcing for software development is a big part of this.

To meet their enterprise software requirements, businesses need to outsource, but many neglect to align their development and security teams. One solution is to hire an outsourced development team with experience in cybersecurity and QA.

The Best Approach for Securing SAP

The report from Onapsis recommends the following tips for securing SAP.

  • Incorporate security early: Balance speed with security in your dev cycles right from the beginning, with frequent reviews for risk, automated when possible.
  • Transparency: Issues need to be found and fixed early on to save time and money, so organizations should have tools to view the development and security process of their custom software.
  • Effective reporting: Frequent and detailed reports keep all stakeholders on the same page and reduce the risk that a threat will slip by unnoticed. Finally, Onapsis recommends its own product, Onapsis Control, which contains automated processes specifically designed to carry out security tests on SAP applications.

To read the original news article, click here.

Mario Agüero

Mario Agüero

General Manager


Buenos Aires, Argentina

View profile