Central protection against cyberattacks

ERP security is one of the most important success factors in companies - whether SAP, Oracle or other business software is in use. To protect critical systems from attacks, customers should use comprehensive security platforms.
Dr. Markus Schumacher, Onapsis
March 20, 2020
This text has been automatically translated from German to English.

Last spring, the U.S. Department of Homeland Security's Office of Cybersecurity and Digital Infrastructure (CISA) and security firm Onapsis warned of increased risks from attacks on known misconfigurations in SAP applications: "Many SAP systems are at risk."

The reason was the publication of an exploit construction kit called 10KBLAZE, which provides malware and thus makes it very easy for hackers to compromise the relevant systems. Worldwide, nine out of ten SAP installations with a total of over 50,000 customers are said to be affected.

While still a novelty in the SAP world, such attack kits for Oracle vulnerabilities have been available in public forums for some time - and are no less dangerous. For most companies, the market-leading SAP and Oracle systems are at the heart of digitization, cloud migrations and IoT initiatives.

If they become the target of cyberattacks, this can have very serious consequences for a company - whether the attack is intended for espionage, sabotage or fraud. If cyber criminals succeed in accessing entire databases in order to copy, change or delete them, they can cause considerable economic damage.

In addition, the company's reputation suffers and customer trust dwindles. This pressure is increased by ever stricter regulatory requirements such as the EU Data Protection Regulation, which punishes data protection violations with heavy fines.

Security gaps in three areas

To ward off such cyber threats to ERP systems effectively, the use of holistic security tools is recommended. In the SAP area, for example, three areas have been identified that are largely responsible for security vulnerabilities: system settings, customer-generated code and the import of transports.

With comprehensive analysis tools, it is possible to automatically check SAP system configurations, immediately eliminate possible errors, and prevent configuration errors from recurring ("automate audit"). At the same time, the customer's own code can be automatically checked for weaknesses in security, compliance and quality, which can then be cleaned up.

Finally, by analyzing SAP transport requests ("change assurance"), it is possible to prevent updates and new developments as well as third-party applications from importing harmful content into SAP systems and opening the door to spies or data thieves.

So if you want to effectively protect your ERP environment from attackers, you should definitely rely on an integrated solution to automatically detect, remediate and prevent all identified cybersecurity and compliance risks.

Since most companies operate extremely heterogeneous system landscapes with hundreds, if not thousands of applications, such an ERP security platform should also be usable across vendors.

There should be a focus on SAP and Oracle applications, as these two vendors, with around 437,000 and 430,000 customers worldwide, are considered market leaders for enterprise software, whether on-premises or - increasingly - cloud-based.

A multi-vendor approach ensures that multiple security tools do not need to be deployed and that the installation and operational effort for ERP security is kept to a minimum.

This also applies to the use of the security platform in digital transformation projects and in migrations of existing ERP systems to the cloud or to new software generations from the same providers, such as the upcoming migration to SAP S/4 Hana for many customers.

Best Practices

Good ERP platforms for security and compliance are also based on best-practice specifications, including the security guidelines of the individual software manufacturers and user groups, for example the DSAG testing guidelines, as well as the BSI basic protection recommendations.

Equipped with proven security expertise, security platforms offer companies comprehensive protection against cyberattacks. This protection is an absolute must in view of the increasing number of IT attacks and the horrendous damage they cause every year.

According to a study by the industry association Bitkom, industrial companies in Germany incurred a total loss of 43.4 billion euros in 2017 and 2018 alone. Following the acquisition of Virtual Forge, Onapsis can provide customers with a central ERP platform for security and compliance that can be used equally by all target groups - even beyond SAP and Oracle.

Dr. Markus Schumacher is General Manager Europe at Onapsis
