We Wrote the Book on SAP Cybersecurity

Tim McKnight
Onapsis Board Director and former CSO at SAP

“SAP systems are the backbone of global commerce. This book is a wake-up call and, whether you’re a seasoned security pro or experienced SAP administrator, it will transform your understanding of SAP security and equip you to face today’s sophisticated threats”

We partnered with SAP Press to deliver the definitive guide to Cybersecurity for SAP

About the Cybersecurity for SAP Book

Getting Started

Walk through SAP cybersecurity principles, concepts, and frameworks in the context of your SAP system. Learn why your baseline SAP landscape needs additional cybersecurity protection and which tools can be used to defend which parts.

Implementing Cybersecurity

Establish robust cybersecurity practices in your SAP landscape! Build a review process for patch day, detect anomalies, create a backup strategy, assess the impact of the cloud on your security protocols, and much, much more.

Frameworks and Tools

Discover how to map SAP security functions to standard frameworks like NIST, ISO, and CIS. Explore tools for securing your landscape, such as SAP Trust Center, and discover the RISE with SAP shared responsibility model.

Interested in a Free Chapter?

Fill out the form to download a full sample chapter and be entered into a monthly drawing for a FREE eBook or hard cover copy.

This is the only place to get your complimentary chapter of Cybersecurity for SAP.

If you want to purchase a copy, we also have a 15% discount code (SCAUTH15) when you order directly from SAP Press.

These, landscapes SAP landscapes have been evolving over time into becoming a completely hybrid approach where you have parts of the landscape, on premise, parts on public cloud, parts on private cloud, software as a service, platform as a service, infrastructure as a service. All of these interconnected, which makes organizations embrace, which is a good thing, embrace new technologies, embrace innovation, increase the the pace of innovation and the speed of technology adoption. But it could leave them, exposed to, new risks and, potentially misconceptions of who has to deal with what, and understand the the technology, understand the the risks, the vulnerabilities. So that’s why, at this point in time, the topic of this, book is super important because we need more professionals, well versed into cybersecurity for SAP. It would teach readers first the fundamental about cybersecurity, the whole CIA triad. I talk about the SAP landscape, what it means from the new, an SAP landscape had been changing. I think I know JP mentioned about that as well. Like, it’s no longer within on prem. It’s no longer a l a legacy system, which is sitting within a firewall. Right? It’s changing to more cloud, more hybrid environment. So I guess the book would teach our readers, fundamentals, understand SAP landscape, understand cybersecurity, then going deep into it. How do you build your SAP cybersecurity program? The answer to that question is yes. It does both. I would say it’s more of a foundational book, though, because we go into the foundational concepts of security of SAP technology. Because, what’s very important is that to understand how to secure something, you need to understand also how how that something works or or what are the caveats, interconnections. What what is the technology? What are the services? You need to understand how it works, to properly secure it. Right? So this book focuses a lot on that. We go through, the technology landscapes of SAP applications, the concepts. Hey. Understand that when you deploy an SAP application, you have all of these components. You have all of these building blocks. We start going from the more generic concept of, for example, a landscape or a product. Hey. I I installed Sfour HANA. Okay. Now we start digging deeper and deeper into what it means, ultimately going into the specific services and configurations and and concepts, related to that. I think some knowledge about SAP. I think when we have been thinking about envisioning who is our reader, we thought it it would be somebody who knows about SAP, maybe our SAP security for professionals who are still doing traditional security, maybe a auditor, maybe our compliance folks, maybe a business person, or it can be a InfoSec person or even Cesar who kind of still thinks SAP is a black box. So I think you don’t need to know a lot about anything. If you know if you don’t understand SAP on a very high level, it’s good. But even if you are, like, a beginner, I think you would find value from the book because we have tried to make it fundamental, very basic, at least in the beginning. I have a background in cybersecurity. So I started working in cybersecurity almost twenty years ago. And I I I go very I’m very technical, so I go very deep into, the technology, the services, the operating operating systems. I did that also through my journey on around SAP security. And while doing that, I was able to understand the the concepts, the problems, the vulnerabilities, the risks affecting SAP applications. And that’s what what I dumped into the book. Right? So it was a a very good collaboration with Rob, because he brings, a client’s perspective. Right? A company, an organization navigating the challenges of implementing cybersecurity for SAP, whereas I come more from the the the technical side, more like, hey. If you talk about cybersecurity for I think these are the elements that you need to address. These are the concepts. These are the topics. This is the technology. These are the risks, vulnerabilities. So we complimented it very well, while writing this book.

Cybersecurity for SAP: Meet the Authors

In a world where organizations are increasingly adopting hybrid SAP landscapes, the book emphasizes the critical need for professionals skilled in SAP cybersecurity. It covers essential cybersecurity principles, including the CIA triad, and guides readers in establishing a robust SAP cybersecurity program. The authors, each with nearly two decades of experience, provide insights into the evolving nature of SAP systems and the importance of understanding SAP services for effective security. Aimed at both seasoned SAP security professionals and newcomers, the book offers foundational concepts necessary for navigating the complexities of SAP security.

About the Authors

Gaurav Singh is an SAP cybersecurity manager at Under Armour with more than 19 years of experience and a proven track record of helping organizations protect themselves from cyber threats while maximizing their SAP investments.

Juan Pablo ‘JP’ Perez-Etchegoyen is the chief technology officer at Onapsis. With more than 20 years of experience in the IT security field, JP is a leading expert in business-critical application security, specializing in safeguarding ERP landscapes.

SAP Cybersecurity Q&A with Authors Gaurav Singh and Juan Perez-Etchegoyen

Authors Gaurav Singh and Juan Perez-Etchegoyen recently took part in the SAP PRESS Book Club webinar series, where they answered reader questions about cybersecurity for SAP over the course of an hour.

Ready to eliminate your SAP cybersecurity blindspot?

Let us show you how simple it can be to protect your business applications.

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing Your Future: Preparing for a Successful SAP RISE Transformation

Executive Threat Overview: Reported SAP Cyber Attack Severely Impacts Business Operations, Compromises Data at Global Manufacturer

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

10 Reasons Why More Companies Choose Onapsis