Most SAP security programs are built around the same foundations: roles, authorisations, segregation of duties, and GRC. They are designed to pass audits. And for a long time, that was enough. It isn't anymore. As SAP landscapes shift toward hybrid and cloud-native environments, the traditional security perimeter is disappearing. Compliance frameworks were never designed to stop a determined attacker — and the gap between being compliant and being genuinely protected is where most organisations are most exposed.

In this session, Gaurav Singh — Senior Manager of SAP Security at Under Armour and co-author of the #1 bestselling SAP Press title Cybersecurity for SAP — makes the case for a fundamentally different approach. Drawing on nearly two decades of experience and the frameworks laid out in his book, Gaurav walks through what a complete SAP cybersecurity program actually looks like: one that bridges the gap between SAP security teams and enterprise cybersecurity functions, and treats protection as a continuous discipline rather than a point-in-time checklist.

This is a session for anyone who has ever assumed that a locked-down role matrix means a secure system — and wants to know what they might be missing.

What You'll Learn:

• Why traditional SAP security leaves critical gaps — and the non-traditional domains most programs overlook, from vulnerability management to threat detection to incident response
• How to use the NIST Cybersecurity Framework and SAP's Secure Operations Map to build a practical, risk-based security roadmap
• How attackers actually move through an SAP landscape — and what controls stop them at each stage
• How to close the divide between your SAP team and your cybersecurity team, and why that divide is your biggest unmanaged risk
• What the RISE with SAP shared responsibility model means for your security obligations in the cloud