White Paper: The Critical Controls Implementation for SAP

By:

January 15, 2021

Onapsis, in collaboration with The Cloud Security Alliance (CSA), a not-for-profit organization dedicated to raising awareness of best practices to help ensure a secure cloud computing environment, has completed The Critical Controls Implementation for SAP white paper. The Critical Controls Implementation for SAP is the first in a series of implementation documents that focuses on specific ERP technologies and aids organizations in securely migrating to and operating ERP applications in cloud environments. In this document, the working group focuses on providing guidelines on controls implementation as well as a set of checklists for SAP administrators. Download this white paper now for control implementation guidance on a variety of controls.

Download Now

Onapsis Resources

 

Tags, , , ,
About the Author
JP

JP Perez-Etchegoyen

As CTO, JP leads the innovation team that keeps Onapsis on the cutting edge of the Business-Critical Application Security market, addressing some of the most complex problems that organizations are currently facing while managing and securing their ERP landscapes. JP helps manage the development of new products as well as support the ERP cybersecurity research efforts that have garnered critical acclaim for the Onapsis Research Labs. JP is regularly invited to speak and host trainings at global industry conferences, including Black Hat, HackInTheBox, AppSec, Troopers, Oracle OpenWorld and SAP TechEd, and is a founding member of the Cloud Security Alliance (CSA) Cloud ERP Working Group. Over his professional career, JP has led many Information Security consultancy projects for some of the world’s biggest companies around the globe in the fields of penetration and web application testing, vulnerability research, cybersecurity infosec auditing/standards, vulnerability research and more.

More about this author
Back To Blog

Further Reading

Blog

The Utilities Guide to SAP RISE: Navigating Shared Responsibility and Security

Electric utilities operate in a highly regulated physical domain. As organizations like Oklahoma Gas and Electric (OG&E) modernize their enterprise resource planning environments, executing a secure RISE with SAP business transformation requires a fundamental shift in defensive strategy. Defending the enterprise core requires security leaders to understand that migrating to a hyperscaler does not eliminate…

Read More
Blog

The 2026 SAP Security Assessment Checklist

Conducting a comprehensive SAP security assessment is a mandatory operational requirement for modern enterprises. As organizations deepen their reliance on SAP and navigate increasingly complex RISE, S/4HANA, and BTP landscapes, the threat environment heading into 2026 is more active and more unforgiving than ever. Executing a structured SAP risk assessment provides the exact visibility required…

Read More
Blog

Kerberos & RC4 – What It Means for SAP Customers and How Onapsis Helps

Microsoft is changing how Windows Kerberos handles RC4, an old, insecure encryption algorithm that has historically been the default service ticket encryption for user-account SPNs (the category most SAP service accounts fall into) whose msDS-SupportedEncryptionTypes attribute is unset. The final enforcement phase begins July 2026. SAP environments with service accounts in this state, and keytabs…

Read More