Secure Together 2025 hits the Road – SAP Security Highlights from Frankfurt

Holger Huegel
Product Management Director
May 14, 2025

The first stop of our “Secure Together on the Road” 2025 series took place in Frankfurt am Main. This year, we continue to highlight the powerful synergy between different manufacturers and service providers who work together to offer comprehensive SAP security for their customers. Alongside returning sponsors Accenture, Bowbridge, and Fortinet, we are thrilled to welcome NextLabs and Saviynt as new sponsors for this year’s events.  

Several SecurityBridge customers also shared their firsthand experiences implementing SAP Security in their environments – offering valuable insights into real-world practices and results. 

Read on to discover the highlights of this inspiring day.

Case Study: Deutsche Telekom – How Standardized SAP Security Creates Real Value 

With a well-thought-out combination of SAP-native and complementary security solutions, Deutsche Telekom IT demonstrated how security, compliance, and operational efficiency can go hand in hand and scale globally. 

In a case study, Product Managers Sinisa Popadic and Carsten Fritzsche presented their path to standardized IT governance with a focus on SAP security. The solution: A centralized approach with SecurityBridge at the heart of SETAM (SAP real-time Threat Monitoring) and NextLabs DDPM (Dynamic Data Policy Manager). 

With over 780 applications, 6,800 servers, and a global workforce, Deutsche Telekom needs a scalable security strategy. The answer lies in a centralized platform that combines real-time monitoring, data masking, access control, and compliance management. SAP GRC, EntraID-based authentication, as well as 4-eyes principles and patch management, are integral components of their security architecture. 

SETAM enables continuous detection and response to threats – including alerting, compliance monitoring, and audit trails. At the same time, DDPM ensures uniform data access controls across SAP and non-SAP systems. Attribute-Based Access Control (ABAC) governs access based on context – a clear step forward compared to classic role models. Implementation follows agile principles – from pilot projects to global rollouts.

SAP Security 360° with Microsoft Sentinel & SecurityBridge 

In the presentation “SAP Security 360° – From Compromise to Remediation”, Holger Hügel (SecurityBridge) and Holger Bruchelt (Microsoft) showed how an optimized end-to-end process between SOC analysts and SAP security teams detects threats at an early stage and efficiently defends against them. Based on real-world threats, such as phishing incidents and known vulnerabilities, the presentation outlined how Microsoft and SecurityBridge have jointly created a comprehensive security concept for SAP systems so that SOC analysts and SAP teams can act seamlessly in tandem. 

Supplemented by SecurityBridge content, Microsoft Sentinel can better visualize attack trajectories in SAP environments, suggest countermeasures, and summarize them in Copilot reports. The combination of both platforms significantly increases the resilience of SAP systems – with measurable benefits such as 72% less risk of security incidents and 88% shorter response time. 

By integrating SAP-specific analyses into Microsoft’s Security Operations Platform, complete threat pictures – so-called “attack graphs” – are created. These place SAP incidents in the overall context of the IT threat situation and automatically show recommendations for action.

The demo illustrated how Microsoft Copilot can speed up the response. The integration provides insights into the timeline of attacks, as well as into the details of the respective SAP incidents. This enables companies not only to react faster but also to act preventively and strengthen their security architecture in the long term.

Case Study: Allianz SE – Malware Protection for SAP Applications 

For organizations that no longer want file uploads in SAP to be a security gap, bowbridge offers a well-thought-out, highly integrated solution. Secure file exchange thus becomes the standard – without compromising usability and performance.

Based on their implementation at Allianz SE, Jörg Schneider-Simon (bowbridge) and Ömer Lacin (Allianz SE) presented a solution that addresses an often overlooked but critical problem: the secure exchange of files within and outside SAP systems. This is because SAP transactions are not only structured – they also increasingly include file uploads, whether for receipts, attachments, or data imports. 

But this is exactly where entry points for malware, phishing, and data leaks arise. The bowbridge solution counters these risks with an integrated security concept: Every file is checked – in real time, directly in the upload process – before it enters the SAP system or is passed on. The check uses not only classic signature recognition but also modern methods such as heuristic analyses and content validation.

Because the solution is fully embedded in SAP (S/4HANA, SAP Fiori, and hybrid landscapes), there are no breaks between systems, which maximizes user acceptance. At the same time, approval processes, quarantine management, and detailed audit trails can be centrally controlled. File types, sources of origin, and target systems can also be configured granularly – a decisive advantage in regulated industries or where strict data protection requirements apply.

AI and Cyber Immunity for SAP – Vision or Reality? 

AI can be a huge amplifier for SAP security – but it is not a substitute for a strategic security architecture. In a joint session, Julian Petersohn (Fortinet) and Andreas Kirchebner (Accenture) showed what role AI plays in SAP security – and how it can contribute to the goal of “cyber immunity”. 

The speakers first outlined the development of AI in the security context – from classic expert systems to modern LLMs such as ChatGPT. In the SAP environment, applications today range from anomaly detection and role analysis to intelligent code review by SecurityBridge. They emphasized that AI not only accelerates processes but also recognizes connections that are hidden from human analysts.

Data quality plays a central role in this. Missing or biased data can lead to incorrect analyses. That’s why data governance is a must—with a focus on access controls, classification, automation, and ethics. At the same time, there are risks: deepfakes, bias, data breaches, and geopolitical dependencies jeopardize trust in AI. 

The speakers then defined “cyber immunity” as the ability of a system to autonomously detect, defend against, and adapt to threats, comparable to the human immune system. In practice, this requires components such as adaptive defense mechanisms, behavioral analysis, automated vulnerability remediation, and zero trust principles. Governance, continuous development, and ethical principles remain essential on the path to true cyber immunity.

UCON Best Practices for Secure SAP RFC Communication 

Remote Function Calls (RFC) are one of the basic building blocks in SAP systems – and at the same time represent an enormous risk. In his presentation, Julian Petersohn from Fortinet shows how companies can use SAP UCON (Unified Connectivity) to effectively secure their RFC interfaces. 

More than 48,000 potentially externally callable functions per S/4HANA system create a huge attack surface. This is where UCON comes in: acting as an “RFC firewall”, it gives granular control over which function modules should be accessible externally – and which should not. UCON is used in three phases: logging, evaluation, and active runtime checks.

It is important to emphasize that UCON does not replace authorization concepts but merely complements them. In addition, SAP includes an “Always Allowed” set of RFCs that require special attention.  

With use cases such as HTTP whitelist scenarios, WebSocket RFC protection, and blacklist reports, the presentation shows in a practical way how organizations can secure their system landscape – and not overlook typical stumbling blocks such as new RFMs (Remote Function Modules) after system upgrades. 

Conclusion: If you really want to secure RFC communication, there is no way around UCON. In combination with monitoring, authorizations, and regular evaluation, a resilient security foundation is created – indispensable for modern SAP landscapes.

SAP Multi-Compliance Cybersecurity Framework – Harmonization of regulatory requirements and standards 

With the SAP Multi-Compliance Cybersecurity Framework (MCCF), Michael Altmaier from SAP presented a structured approach to integrating regulatory requirements such as NIS2, GDPR, or ISO 27001 into SAP systems in a targeted manner. The goal: away from fragmented individual measures – towards a centrally harmonized security framework. 

The starting position of many companies is characterized by uncertainty, inconsistent processes, and a lack of compliance maturity. MCCF addresses this with a methodology that translates compliance mandates into tangible requirements (WHAT) and actionable security controls (HOW) – while always providing answers to the “why” (obligation). 

The core of the framework is harmonization: overlapping regulatory requirements are merged, with ISO 27001 Annex A as a reference model. This is supplemented with content from BSI “IT-Grundschutz” and SAP-specific best practices, making SAP systems resilient and easier to audit.

Using the example of the EU NIS2 Directive, it is shown how specific requirements such as “use of cryptography” are systematically transferred into technical SAP controls – e.g. via SNC parameters. This creates a seamless “compliance chain”: from the obligation to the specific system configuration. This enables companies to implement regulatory requirements reliably and efficiently in SAP environments. 

SAP BTP Security – Why Security in the Business Technology Platform Is a Top Priority 

The Business Technology Platform (BTP) is part of modern SAP landscapes. Holger Hügel, author of this article and Product Management Director at SecurityBridge, illustrated why BTP security must be a strategic priority and how companies can benefit from holistic protection. 

BTP expands the SAP Clean Core with individual apps, integrations, and external interfaces. The attack surface also increases accordingly. SAP already provides a comprehensive list of security recommendations, but not all of them are easy to monitor. This is where SecurityBridge comes in: The platform covers all audit logs of global and sub-accounts as well as the Cloud Connector and creates end-to-end traceability of all security-related activities. 

A key highlight is SecurityBridge’s Code Vulnerability Analysis (CVA), which automatically detects vulnerabilities in BTP-specific code – including AI-supported explanations. User permissions, inactive user accounts, and external access are regularly checked and evaluated to meet compliance requirements. 

With centralized access to SAP Cloud ALM, threat detection, and context-based analysis for SAP BTP, SecurityBridge fits seamlessly into existing cybersecurity strategies and system-wide risk management. 

Case study: SAP Security as a system – How Adidas and Accenture make governance measurable 

In their case study, Oussama Bensat (Accenture) and Mohammed Moidheen (Adidas) described their joint path to a transparent, standardized, and future-proof SAP security architecture. The focus is on overcoming challenges in hybrid SAP landscapes, especially during the S/4HANA transformation. 

Central problem areas: a lack of strategy, lack of transparency, unclear responsibilities, and an incomplete security concept. The answer: a holistic security strategy based on the SAP Secure Operations Map (SOM). The aim is to map and operationalize technical, organizational, and procedural controls across all relevant SAP applications – from SAP S/4HANA through SAP BTP and Concur to SuccessFactors.

The combination of SAP Security Baseline, internal company policies, and a clearly structured RACI model created an implementable security concept. The defined plan includes more than 300 technical controls, prioritized implementation, a coordinated maturity model, and the participation of all teams involved.

The following milestones are particularly noteworthy: 

  • Introduction of an SAP Security Dashboard based on Power BI 
  • Integration of SecurityBridge as a central tool for compliance monitoring, threat detection, and patch management 
  • Setting up an SAP vulnerability management program including issue tracking 

The outlook underlines the strategic foresight of the project: New use cases for threat detection, continuous expansion of controls, and increased automation in reporting are already being planned. 

Saviynt: Continuous Compliance in Hybrid SAP Landscapes 

If you take compliance seriously, you need more than rules – you need a platform that intelligently combines access control, governance, and security. Amit Saha from Saviynt, a leading provider of Identity Governance & Administration (IGA), showed how continuous compliance can succeed in complex, hybrid SAP landscapes. 

More and more companies are relying on multi-cloud environments and hybrid SAP systems. This diversity leads to silos, inefficient processes, and security gaps. Saviynt provides an intelligent, converged platform that breaks down this complexity, with features such as zero trust access, lifecycle management, role mining, SOD management, and comprehensive analytics. 

The focus is on unifying identity and access control across different systems – from SAP S/4HANA and SuccessFactors to AWS, Azure, and non-SAP applications. Saviynt integrates not only internal users but also machine identities, IoT devices, and external users. 

All identities and permissions are managed on a central platform – with automated recertification, role-based access control, and intelligent decision-making mechanisms that can also process unstructured data. Saviynt provides a strong answer to the challenges of modern SAP ecosystems. 

 

We are grateful to all participants, speakers, and sponsors who made the Frankfurt stop of our “Secure Together on the Road” 2025 series a remarkable success. Your contributions and shared insights reaffirm the importance of collaboration in strengthening SAP security across industries. We’re now looking ahead to our next destination: Rotterdam. Stay tuned – and see you there!