Paul Laudanski Director, Security Research @ Onapsis Offensive Security Research
As organizations continue migrating to S/4HANA and cloud or hybrid environments, security requirements for SAP landscapes are increasing. The Onapsis Research Labs have published a 2026 checklist outlining four priority areas for action.

Securing SAP landscapes remains one of the central tasks for corporate IT and security teams. As organizations continue their transformation toward S/4HANA and cloud or hybrid environments, the demands on cybersecurity, compliance and operational resilience are rising in parallel. Against this backdrop, the Onapsis Research Labs, the research unit of SAP security specialist Onapsis, led by Paul Laudanski (Director, Security Research, Onapsis Offensive Security Research), have published a checklist for 2026 that outlines four areas requiring particular attention.

Continuous assessments and patch management

A first priority is vulnerability and patch management. According to the checklist, this includes the timely implementation of SAP Security Notes and HotNews, reviewing security-critical configurations, hardening components such as SAProuter and Web Dispatcher, and ensuring that communication links are encrypted. Many organizations, the Onapsis Research Labs note, still rely on manual processes and thereby take on unnecessary risk, for instance through delayed response to critical vulnerabilities. An automated review of security advisories, by contrast, can offer speed, efficiency and added context; specialized solutions for automating these processes are already available.

Identity management and threat detection

The second area concerns the management of identities and permissions. Overprivileged user accounts remain among the most common security risks in enterprise applications, the checklist states. Recommended measures include regular reviews of authorization concepts, consistent implementation of segregation of duties, and control of privileged accounts and emergency access. Organizations should also enforce multi-factor authentication for administrators and external access, and regularly reassess their identity and provisioning processes. Given increasingly efficient AI-driven cyberattacks, early attack detection is also gaining importance. The Onapsis Research Labs recommend deploying SAP-specific threat detection and integrating relevant SAP telemetry data into existing SIEM and SOAR platforms.
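As an added illustration of the segregation-of-duties review described above (example code written for this page, not part of the Onapsis checklist or any Onapsis product), the following Python resolves each user's effective transaction codes through composite roles, maps them to business functions, and flags toxic function pairs. The role names, transaction-code-to-function mapping, conflict rules and user assignments are all constructed for the example; a real review would use the organization's own authorization concept and its approved SoD rule set.

```python
"""Segregation-of-duties (SoD) conflict check over SAP-style role assignments.

Added example, not from the Onapsis checklist. Role names, transaction codes,
the function mapping and the conflict matrix are illustrative placeholders.
"""

# Constructed sample: transaction codes granted by each single role.
ROLE_TCODES = {
    "Z_AP_VENDOR_MAINT": {"FK01", "FK02"},   # create / change vendor master
    "Z_AP_PAYMENT":      {"F-53", "F110"},   # post / run vendor payments
    "Z_AP_DISPLAY":      {"FK03", "FBL1N"},  # display-only
    "Z_BASIS_ADMIN":     {"SU01", "PFCG"},   # user and role maintenance
}

# Composite roles: one assignment that pulls in several single roles.
COMPOSITE_ROLES = {
    "Z_COMP_AP_CLERK": {"Z_AP_VENDOR_MAINT", "Z_AP_DISPLAY"},
}

# Business functions, expressed as the transaction codes that perform them.
FUNCTIONS = {
    "VENDOR_MASTER_MAINTAIN": {"FK01", "FK02"},
    "VENDOR_PAYMENT":         {"F-53", "F110"},
    "USER_ADMIN":             {"SU01"},
    "ROLE_ADMIN":             {"PFCG"},
}

# Toxic pairs: a single user holding both functions is a conflict.
SOD_RULES = {
    "SOD-AP-01":    ("VENDOR_MASTER_MAINTAIN", "VENDOR_PAYMENT"),
    "SOD-BASIS-01": ("USER_ADMIN", "ROLE_ADMIN"),
}

# Constructed user-to-role assignments (hypothetical users).
USER_ROLES = {
    "alice": {"Z_COMP_AP_CLERK"},
    "bob":   {"Z_COMP_AP_CLERK", "Z_AP_PAYMENT"},
    "carol": {"Z_AP_DISPLAY"},
    "dave":  {"Z_BASIS_ADMIN"},
}


def expand_roles(roles):
    """Flatten composite roles (any nesting depth) into the single roles they contain."""
    single, seen, stack = set(), set(), list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        if role in COMPOSITE_ROLES:
            stack.extend(COMPOSITE_ROLES[role])
        else:
            single.add(role)
    return single


def effective_tcodes(user):
    """All transaction codes a user can reach through direct and composite roles."""
    tcodes = set()
    for role in expand_roles(USER_ROLES.get(user, set())):
        tcodes |= ROLE_TCODES.get(role, set())
    return tcodes


def functions_held(tcodes):
    """Business functions enabled by a set of transaction codes."""
    return {f for f, needed in FUNCTIONS.items() if needed & tcodes}


def sod_conflicts(user):
    """Map each violated SoD rule to the sorted single roles that contribute to it."""
    held = functions_held(effective_tcodes(user))
    hits = {}
    for rule_id, (f1, f2) in SOD_RULES.items():
        if f1 in held and f2 in held:
            roles = expand_roles(USER_ROLES.get(user, set()))
            hits[rule_id] = sorted(
                r for r in roles
                if functions_held(ROLE_TCODES.get(r, set())) & {f1, f2}
            )
    return hits


def report(users=USER_ROLES):
    """Users with at least one SoD conflict, for review or ticketing."""
    out = {}
    for user in users:
        hits = sod_conflicts(user)
        if hits:
            out[user] = hits
    return out


if __name__ == "__main__":
    for user, hits in report().items():
        for rule_id, roles in hits.items():
            print(f"{user}: {rule_id} via {', '.join(roles)}")
```

Two points the output makes that a role-by-role inspection misses: bob's conflict only appears once the composite role is expanded (vendor maintenance arrives through Z_COMP_AP_CLERK, payment through a direct role), and dave's conflict sits inside a single role, so reviewing role assignments without reviewing role content would never catch it. Emergency (firefighter) accounts should run through the same check, with their elevated roles included, rather than being exempted.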

New requirements from cloud and hybrid landscapes

As business-critical processes increasingly shift to cloud environments, the shared-responsibility model is also growing in importance, according to the checklist. While providers take on certain infrastructure tasks, responsibility for business data, user access, authorization concepts, APIs and custom developments remains with the customer organization. Companies should regularly review this division of responsibility, the Onapsis Research Labs note, to avoid security gaps at the boundary between provider and customer responsibility.

Compliance and resilience

The fourth focus area concerns regulatory requirements. SAP security controls must be continuously aligned with standards, regulations and frameworks such as ISO 27001, DORA, NIS2 or NIST, according to the Onapsis Research Labs. Automation can also help here, enabling faster and more efficient delivery of compliance evidence. Equally critical, the checklist states, are regularly tested backup and disaster recovery concepts, documented recovery plans, and targeted training for SAP, IT and SOC teams to enable a fast, coordinated response in an emergency.

The checklist’s central message: SAP security is not a one-time project but requires consistent implementation of fundamental measures and continuous security checks across all four areas. For IT and security leaders at SAP-using organizations, the checklist is likely to serve as guidance for prioritizing security measures over the coming year. The full checklist from the Onapsis Research Labs is available online.

By Jakob Jung

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM. Contact via Mail: jakob.jung@security-storage-und-channel-germany.de
