Cyber Security

Secure your SAP landscape against unauthorized access and protect company-relevant data from misuse

Download white paper (in German)

Current threats to IT systems

Special challenges in SAP landscapes

Disciplines of SAP Cyber Security


The IT threat situation has changed

Companies today are dealing with a different type of attack on their IT systems than in the past. Whereas attacks used to be random and unorganized, they are now much more targeted and planned. And it is not only large corporations that have to fear cyber attacks − smaller companies are also increasingly affected and must therefore ensure a high level of protection. Another challenge: Hybrid system landscapes with a combination of on-premise systems and cloud applications are complex in their architecture and therefore particularly complex to protect.

The biggest weak point in cyber security is the user. Attackers repeatedly try to exploit the “human factor” as the supposed weakest link in the security chain and realize their criminal intentions in this way. Social engineering is used to persuade users to install malware or hand over sensitive data. In addition, software security vulnerabilities are also repeatedly used by cyber criminals as a gateway. A lack of security patches and updates, overly broad authorizations and inadequately secured services also have a negative impact on a company’s cyber security.

In view of the serious threat situation, cyber security is to be increasingly improved with the help of legal regulations. Since May 2023, operators of critical infrastructures (CRITIS) in Germany have had to comply with the regulations of the IT Security Act 2.0 (IT-SiG 2.0). The NIS 2 directive of the EU even exceeds the IT-SiG 2.0 in its regulations. All companies covered by NIS 2 are required to implement a range of cyber security measures to protect their IT infrastructure, networks and critical services. EU member states must have implemented the regulations of NIS 2 in national law by October 2024 at the latest.

The key facts about NIS 2 – download now (in German)

88 %

of German companies were affected by cyber attacks in 2020/2021

EUR 226 bn

Total damage per year in Germany due to theft, espionage and sabotage

+ 358 %

Damage from ransomware attacks since 2019

144 million

new malware variants were discovered in Germany from June 2020 to May 2021

„Cyber attacks have become an enormous threat to the German economy. According to our findings, one in ten companies therefore sees its existence threatened.“

Susanne Dehmel, Member of the Executive Board of the digital association Bitkom


Security of SAP systems as a double challenge

With regard to cyber security, SAP systems play a special role in several respects. On the one hand, they are a worthwhile target for attackers because they contain a lot of sensitive data (for example, employee data, financial data, and supplier data). Consequently, this data is particularly worthy of protection. Due to the paramount importance of SAP systems for many fundamental business processes, companies are at risk of production downtime, data loss and damage to their reputation if cyber criminals successfully attack them.

On the other hand, due to their complexity, SAP systems offer numerous gateways for attackers that need to be monitored. But how exactly do unauthorized persons gain access to SAP systems? The most popular starting points are standard passwords, poorly secured dangerous services, overly broad authorizations and missing security patches.

The goal of SAP Cyber Security is to protect company-relevant data and information from unauthorized access. The aim is to detect threats promptly so that the period between the attack itself and its detection remains as short as possible. To achieve this, all processes within the SAP systems should be monitored continuously in the background. In this way, conspicuous processes can be detected quickly and appropriate countermeasures can be initiated.

Your contact person


Simon Toepper

+49 7131 2711-3000

SAP applications play a fundamental role in the execution of business processes. They process and store a large amount of sensitive and critical data. Protecting SAP systems from unauthorized access is therefore of existential importance for companies.

The right strategy for the best possible protection

Individual measures are not enough to effectively protect the digital heart of the company in the long term. Instead, a holistic view of cyber security in the SAP environment is required. Only if the SAP security strategy is seamlessly integrated into the company’s general IT security strategy can security threats be minimized and negative consequences for the company averted. Key measures include:

Preventive measures

The ideal strategy when it comes to cyber security is to take a two-pronged approach by effectively combining preventive measures with continuous system monitoring. Preventive measures form a fundamental part of the SAP security concept because they make an external attack as difficult as possible. In the best case, attackers are not even able to overcome the security hurdles and penetrate the SAP system landscape to cause damage. The most important preventive measures include, for example, tailored authorizations and a clear role concept.

Continuous monitoring of systems

Despite all these precautions, attackers may still be able to bypass security measures and gain access to systems. With the help of so-called SIEM solutions (SIEM = Security Information and Event Management), companies create the technical prerequisites for detecting, analyzing and defending against hacker attacks. Permanent monitoring improves security, identifies anomalies and suspicious activities, and thus detects threats to cyber security.

Read more about the current legal requirements for cyber security

NIS 2 | What companies need to do | IBsolution

NIS 2: What companies must do for their cyber security

The European Union has created a new cyber security standard to better protect companies from cyber attacks: On January 16, 2023, NIS 2 came into force as the new EU cyber security directive. EU member states have until October 18, 2024 to implement the provisions of NIS 2 into national law. For Germany, a first draft of the IT Security Act 3.0 is expected soon.
Read more
NIS 2 sets stricter legal requirements | IBsolution

Cyber security: NIS 2 sets stricter legal requirements

In its provisions, the NIS 2 directive goes well beyond the German IT Security Act 2.0. All companies covered by NIS 2 are required to implement a range of cyber security measures to protect their IT infrastructure, networks and critical services. In the event of violations, companies face severe fines of up to ten million euros or 2% of annual revenue.
Read more
IT Security Act 2.0 | IBsolution

IT Security Act 2.0: Additional obligations for CRITIS companies

Since May 1, 2023, operators of critical infrastructures (CRITIS) must have implemented enhanced security measures for their IT. This is what the IT Security Act 2.0 stipulates. The aim is to increase the IT security of critical infrastructures in the face of rapidly increasing cyber attacks and ever-advancing digitalization.
Read more

Cyber security in the OSI model


The OSI model (also called ISO/OSI layer model) is a reference model to describe the communication between systems. It is composed of seven different layers, each of which fulfills its own tasks. Threats to security can occur in any layer of the model. Therefore, with respect to cyber security, each layer must be secured on its own to prevent potential intruders from gaining access to the entire system. Network intrusion and data compromise can become an existential threat to organizations.

1st layer: Physical layer

The biggest threat to the physical layer is the disruption of electrical signals transmitted between network nodes. This happens, for example, through the cutting of cables, natural disasters where floods cause short circuits, or human vandalism.

To avoid outages, companies use multiple network lines. Likewise, it is recommended that all core elements of the network, such as servers and storage, be housed in different redundant cloud data centers.

2nd layer: Data Link Layer

The data link layer ensures the reliable transmission of data over a physical connection. Measures for higher security primarily start with improving port security. Switches are configured to limit the ports that can respond to DHCP requests. Additional protection is provided by installing intrusion detection systems (IDS).

3rd layer: Network layer

Routers are the most common gateway into the network layer. Attackers cause an overload of the router by bombarding it with requests so that it can no longer accept genuine requests.

The most effective protection against this is consistent adherence to router, firewall and switch configuration best practices. The router operating system should always be up to date. It is also advisable to block all unused ports and disable unused services and interfaces. Other protective measures include regular audits of unusual activity and encryption of all switch traffic.

4th layer: Transport layer

Transport Layer Security (TLS) secures all communication between web servers and browsers. TLS is a cryptographic protocol for end-to-end communications security over networks, used for internet communications and online transactions. This is intended to prevent eavesdropping, reading, and forging of messages on the transport layer.

5th layer: Session layer

The session layer manages the establishment and termination of the connection between communicating end devices and thus ensures process communication between two systems. A connection is maintained while the two endpoints are talking to each other. Regular version updates and patches for the hardware are used to eliminate existing or potential vulnerabilities in terms of security.

6th layer: Presentation layer

The most common threats on the presentation layer are manipulated SSL requests. Attackers use SSL to tunnel HTTP attacks and attack the server. Effective protection requires high effort, as SSL encryption checking is extremely resource-intensive.

7th layer: Application layer

The application layer is the interface to the users, who make contact with the network here. The users represent the greatest vulnerability in the entire network and often serve as a starting point for attackers to gain access to the network. Attacks are typically carried out with viruses, worms and Trojans, as well as via program vulnerabilities or security holes in the applications.

Accordingly, the application layer is difficult to protect. The most important security measures include firewalls and secure web gateway services. Application monitoring using special algorithms should be an important part of the security concept.

Cyber Security | IBsolution


Discover the disciplines of SAP Cyber Security

Identity Lifecycle Management | IBsolution

Identity Lifecycle Management

Identity lifecycle management is part of enterprise security and describes all processes for assigning roles and authorizations − from when an employee joins the company, through changing responsibilities or even department changes, to when he or she leaves.

Learn more
SAP Identity Management | IBsolution

SAP Identity Management

SAP Identity Management focuses on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion.

Learn more
SAP Access Control | IBsolution

SAP Access Control

SAP Access Control is a product for identifying risks, minimizing risks, and automating workflows. The focus is on the traceable management and consistent distribution of users and authorizations throughout their lifecycle.

Learn more
SAP Single Sign-On | IBsolution

SAP Single Sign-On

SAP Single Sign-On enables end-to-end authentication against SAP and non-SAP applications. Central management of access data increases security, as only one user ID is required for all applications.

Learn more
SAP Cloud Identity | IBsolution

SAP Cloud Identity

SAP Cloud Identity solutions enable authentication (IAS), single sign-on (SSO) and provisioning (IPS) against SAP cloud systems. Especially in hybrid system landscapes, they ensure complete integration.

Mehr erfahren
SAP Authorization Management | IBsolution

SAP Authorization Management

Authorizations in SAP systems grant users access to the applications they need to perform their activities. In order to map the processes securely and correctly, SAP authorizations must be subject to regular control and post-processing.

Learn more
SAP Enterprise Threat Detection | IBsolution

SAP Enterprise Threat Detection

With SAP Enterprise Threat Detection (ETD), companies protect themselves effectively against cyber threats. The software provides a detailed overview of suspicious activities in SAP landscapes and detects breaches as they occur. This enables companies to neutralize threats at an early stage.

Learn more
SECMENDO product suite | IBsolution

SECMENDO product suite

The tools of the SECMENDO product suite extend the capabilities of existing SAP Identity & Access Management (IAM) solutions. The goals are an improved user experience, enhanced functionality and more efficient processes.

Learn more

Would you like to learn more about the various disciplines of cyber security and effectively protect your company from attacks?

Simply complete the form and submit it. We look forward to your inquiry and will contact you as soon as possible.