Managed SAP cybersecurity services: what it means for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 6051
Topic starter  

TL;DR: SAP security is increasingly an identity and lifecycle problem, not just an application problem, and Pathlock and NTT DATA Business Solutions are combining managed services and application controls to deliver 24/7 SAP monitoring, detection, response, and governance for enterprise ERP environments, addressing exposure to ransomware, insider threats, and fraud according to Pathlock. The shift matters because SAP security is increasingly an identity and lifecycle problem, not just an application problem.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should organisations govern privileged access in SAP environments?

A: They should treat SAP privileged access as a business control, not just an admin entitlement.

Q: Why do SAP environments need continuous monitoring rather than periodic review?

A: Because fraud, insider misuse, and suspicious process changes can happen outside review cycles and during business handoffs.

Q: What breaks when SAP identity governance is split from ERP security?

A: Teams lose visibility into how access becomes action.

Practitioner guidance

  • Map SAP privileged access to business impact paths: Identify which roles, service accounts, and integrations can alter finance, procurement, transport, or approval workflows.
  • Align SAP offboarding with identity lifecycle controls: Review whether leaver, contractor, and third-party offboarding removes access from SAP users, service identities, and partner-connected accounts with equal speed.
  • Correlate SAP alerts with transaction and entitlement context: Tune monitoring so suspicious activity is evaluated against the identity used, the transaction executed, and the approval path taken.

What's in the full announcement

Pathlock's full post covers the operational detail this post intentionally leaves for the source:

  • How the managed SAP cybersecurity service is packaged for enterprise customers and operating teams.
  • Which SAP-specific control capabilities are included, such as code scanning, transport control, and dynamic access controls.
  • How the partnership positions continuous monitoring, detection, and response inside the SOC operating model.
  • What Pathlock and NTT DATA Business Solutions say about the future of SAP security and compliance co-innovation.

👉 Read Pathlock’s announcement of managed SAP cybersecurity services with NTT DATA Business Solutions →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5544
 

Managed SAP security is becoming an identity governance discipline, not an application add-on. SAP controls now sit at the point where people, service identities, transports, and business transactions intersect. That makes lifecycle governance, privileged access, and transaction traceability inseparable from ERP security outcomes. Practitioners should stop treating SAP protection as a niche admin function and govern it as part of enterprise identity architecture.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • 68% of organisations do not know how to fully address NHI risks, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: Who should own response when SAP access is abused?

A: Ownership should sit across IAM, SAP security, and the SOC, with clear decision rights for containment and investigation. If identity teams own the entitlement and application teams own the workflow, response still fails unless one operating model connects the access path to the business process it can change.

👉 Read our full editorial: Managed SAP cybersecurity services raise the bar on ERP governance



   