Hear how Merck, a global leader in healthcare, science, and technology, has developed a cyber resilience strategy for their SAP S/4HANA Cloud environment using Zero Trust principles in the S/4HANA Private Cloud. Lessons learned emphasize collaboration, proactive security, SAP and partner technologies, user engagement, and an understanding of shared responsibilities. By attending this session, attendees will leave with ideas to strengthen their security posture and address evolving cyber threats in the SAP S/4HANA environment.

Community is a three-legged stool made up of Events, Platform, and Omnipresence (meeting members where they are). AI reshapes how people interact, but not why they gather. 
Taking place in the Brew Park during Pub Night in the Exhibit Hall, this session discusses how the SAP Community was formed, where it is now, and what its future looks like in a human-human, member-focused world. 

• AI reshapes how people interact, but not why they gather.
• As AI scales content, trust becomes the differentiator.
• The future is not AI vs humans. It’s AI accelerating connection.

Ask the Experts sessions provide an informal setting to connect one-on-one with subject matter experts and experienced end users on specific areas of expertise. Bring your pressing questions and be ready to discuss your key challenges and priorities.

Topics covered: SAP S/4HANA Brownfield Upgrade Security, Fiori Security Governance, SoD-Compliant Role Design, and RISE Licensing Optimization.

Ask the Experts sessions provide an informal setting to connect one-on-one with subject matter experts and experienced end users on specific areas of expertise. Bring your pressing questions and be ready to discuss your key challenges and priorities.

Topics covered: Zero Trust, Private Cloud ERP Security aligned to SAP Shared Responsibility

Ask the Experts sessions provide an informal setting to connect one-on-one with subject matter experts and experienced end users on specific areas of expertise. Bring your pressing questions and be ready to discuss your key challenges and priorities.

Topics covered: Cybersecurity, Authentication (SSO and MFA), Threat detection, Audit and Compliance, and Patch Management.

Kick off SAPinsider 2026 with pre-conference gatherings designed to connect you with peers navigating similar priorities, decisions, and challenges. These facilitated roundtable conversations create space for candid exchange, shared experience, and practical insight in a relaxed setting before the main agenda begins. Choose a discussion aligned to your interests and walk away with fresh perspectives and new connections that set the tone for the rest of the week.

Threat intelligence indicates that threat actors have been evolving in recent years to target and exploit SAP applications to deploy ransomware, perform financial fraud, access SAP information, and use SAP application infrastructure. Join this session to review the threat actors that target SAP applications and understand their tactics, techniques, procedures, and motivations. This session will incorporate a deep dive into the latest zero-day exploitation of CVE-2025-31324, which led to the compromise of hundreds of SAP applications worldwide. Additionally, you will learn from practical examples of techniques used by real threat actors. Understand how to assess, detect and prevent these attacks through practical security measures that organizations must take to secure their SAP landscape, including SAP S/4HANA and applications exposed through SAP BTP.

This session will cover:

• Known exploited vulnerabilities, attack vectors, and indicators of compromise that can help organizations detect security incidents affecting SAP applications.
• Practical mitigations and controls to secure SAP applications against known attacks.
• Simple steps to improve the security of SAP applications across on-premise and cloud environments.

Threat intelligence indicates that threat actors have been evolving in recent years to target and exploit SAP applications to deploy ransomware, perform financial fraud, access SAP information, and use SAP application infrastructure. Join this session to review the threat actors that target SAP applications and understand their tactics, techniques, procedures, and motivations. This session will incorporate a deep dive into the latest zero-day exploitation of CVE-2025-31324, which led to the compromise of hundreds of SAP applications worldwide. Additionally, you will learn from practical examples of techniques used by real threat actors. Understand how to assess, detect and prevent these attacks through practical security measures that organizations must take to secure their SAP landscape, including SAP S/4HANA and applications exposed through SAP BTP.

This session will cover:

• Known exploited vulnerabilities, attack vectors, and indicators of compromise that can help organizations detect security incidents affecting SAP applications.
• Practical mitigations and controls to secure SAP applications against known attacks.
• Simple steps to improve the security of SAP applications across on-premise and cloud environments.

SAP transformations—whether migrating to SAP S/4HANA, adopting SAP BTP, or expanding cloud capabilities—introduce significant cyber risk exposure. As organizations modernize their SAP landscapes, they must navigate complex threat vectors, evolving compliance requirements, and heightened data privacy concerns. Without a robust cyber risk strategy, transformation efforts can be delayed, disrupted, or compromised. This session explores how organizations can embed cyber risk management into the heart of their SAP transformation programs. You will learn how to identify and assess SAP-specific risks, implement controls aligned to transformation milestones, and build governance models that ensure security without slowing innovation. The session will also highlight common pitfalls and lessons learned from real-world SAP transformation projects. You'll leave with actionable strategies to strengthen their security posture across SAP environments, including cloud, hybrid, and on-premise deployments.

You will learn how to:

• Identify security risks unique to SAP transformation initiatives (e.g., SAP S/4HANA, SAP BTP). 
• Integrate cybersecurity controls into SAP project governance and delivery. 
• Align cyber risk management with regulatory and data privacy requirements. 
• Apply lessons learned from real-world SAP transformation case studies.

In an era where cyberattacks evolve faster than traditional defenses, understanding the anatomy of a breach is essential for any organization embarking on an SAP migration or transformation journey. This session provides a practical, enterprise-level view of how modern attacks unfold—and how to close the gaps before threat actors exploit them. We will deep dive into recent SAP platform attacks and provide step-by-step cyber intelligence details to guide you through the anatomy of a breach. Using a step-by-step walkthrough of real-world incident patterns, we will demystify how breaches progress—from initial foothold to lateral movement, privilege abuse, and data exfiltration.

We will explore security considerations and strategic actions to take preventative measures and/or implement secure-by-design guidelines as part of a migration/ transformation journey. From cloud and infrastructure security, identity and access governance, system hardening, integration security, data privacy and protection, to cyber defense mechanism, attendees will gain clarity on where security controls can fail and how to strengthen and design them.
Finally, we outline respectful and actionable best practices for building a defensible enterprise: implementing preventive and detective controls, designing a “secure by default” SAP landscape, establishing continuous monitoring, and integrating SAP security into broader enterprise resilience strategies.
Attendees will leave with a clear blueprint for strengthening their SAP environment, improving operational readiness, and putting the right safeguards in place to protect against the next breach.

In this session, you will:

• Learn how attackers establish an initial foothold in breach scenarios and specifically, common SAP‑related weaknesses exploited during intrusions, looking at techniques and privilege escalation.
• Understand techniques and escalations that progress toward data theft or business disruption.
• Discover best practices for building a defensible enterprise and effectively managing a breach.

As digital vulnerabilities grow more sophisticated, safeguarding the SAP backbone is no longer optional—it is a cornerstone of operational resilience. This session shows an aerospace and defence company methodology for shielding vital enterprise resource planning systems from modern exploits. We will examine the critical shift toward viewing security as a high-value investment rather than a functional expense. By prioritizing proactive defense mechanisms and dedicated resource allocation, organizations can transform their security posture into a competitive advantage.

In this session, you will:

• Elevate SAP as a Mission-Critical Investment: Shift the culture to treat the SAP ecosystem as a Tier 1 objective. It’s not just an expense; it’s a high-value investment that builds operational resilience and a distinct competitive edge.
• Proactive Defense and Resource Alignment: Stop playing catch-up. Adopt RTX-style frameworks for early risk detection and back them with dedicated resource allocation to neutralize vulnerabilities before they can be exploited.
• Future-Proofing through Innovation: Stay agile by maintaining a strategic roadmap that tracks defensive trends. This ensures your security posture evolves faster than the threats, protecting long-term business agility.

From reactive to proactive. This session will show how Siemens Healthineers protects his critical SAP assets proactively in a global environment on its transformation to SAP Cloud ERP Private (RISE with SAP). We'll explore how the company ensures resilience and robustness against evolving cyber threats and maintains operational continuity and regulatory compliance.

This session will explore

• SAP Cloud ERP Private (RISE with SAP) Security Strategy: Explore the specific security challenges and considerations of a large-scale migration and how a global company like Siemens Healthineers is addressing them. 
• The Role of Onapsis: Learn how a specialized security platform helps to protect critical SAP systems by providing continuous vulnerability management, threat detection, and compliance monitoring. 
• Ensuring Business Resilience: Discover the strategies and best practices Siemens Healthineers uses to maintain operational continuity and minimize disruption during its digital transformation. 
• Maintaining Regulatory Compliance: Understand how a proactive security strategy helps to meet and sustain compliance with global and industry-specific regulations, such as those in the healthcare sector. 
• Protecting a Global Environment: Gain insights into the complexities of securing SAP assets across a large, distributed, and global organization.

Join major UK retailer, Sainsbury’s, and SAP Cybersecurity leader, SecurityBridge, as they share how embedded security safeguarded Sainsbury’s SAP S/4HANA transformation from planning through go-live. Discover how proactive controls, automated checks, and real-time visibility eliminated blind spots and strengthened compliance and resilience. 

Speakers Sushil Barai and Elizabeth Murphy bring decades of enterprise security experience, offering practical lessons for SAP teams, architects, and CISOs looking to build security and trust into their digital core.

In this session, you will:

• Learn how SecurityBridge's embedded security safeguarded Sainsbury’s SAP S/4HANA transformation from planning through go-live.
• Discover how proactive controls, automated checks, and real-time visibility eliminated blind spots and strengthened compliance and resilience.
• Understand how native SAP security support can change the game for the SAP enterprise sector.

As SAP environments move to the cloud—whether through RISE with SAP Private Cloud Edition (PCE) or on hyperscalers—security teams face a larger attack surface and added complexity, while still needing to protect user experience and performance for SAP users.

In this session, Zscaler leaders will explain how a Zero Trust approach helps secure high-value SAP investments during and after cloud migration, featuring real-world customer perspectives from Siemens, Volkswagen, and Deutsche Börse.

In this session, you will:

• Learn about the security, operational, and user experience challenges of moving SAP to the cloud.
• Explore why modern security controls are critical to reducing risk across the SAP digital estate during and after migration.
• Hear how global enterprises like Siemens, Volkswagen, and Deutsche Börse are putting Zscaler solutions into practice.

As enterprises accelerate adoption of SAP S/4HANA Cloud, Ariba, and SuccessFactors, the complexity of managing cybersecurity, risk, and compliance across this fragmented ecosystem increases dramatically. This workshop provides a deep dive into how to operationalize the Shared Responsibility Model (SRM) across SAP cloud platforms. Attendees will be guided through a structured methodology to clarify ownership boundaries, embed security and compliance into SAP programs, and define a unified governance model. Interactive exercises and real-world case studies will equip participants with practical tools to identify control gaps, align cyber strategies with enterprise risk frameworks, and drive compliance across hybrid SAP environments. This session is designed for security, risk, and IT executives who want to go beyond theory and return with a blueprint ready to apply across their SAP cloud landscape.

You will learn how to:

• Apply the Shared Responsibility Model to SAP cloud applications to clarify ownership and reduce risk. 
• Design a unified cyber, risk, and compliance strategy across SAP S/4HANA Cloud, Ariba, SuccessFactors, and more. 
• Identify control gaps and implement governance models that scale across hybrid SAP environments. 
• Align SAP cloud security operations with enterprise risk frameworks and regulatory expectations.

As SAP landscapes transition toward hybrid architectures and cloud-native environments, the traditional perimeter of SAP security is disappearing. To protect the core of your business, organizations must move beyond simple compliance and adopt a proactive, enterprise-wide cybersecurity mindset. Join authors Gaurav Singh, Manager, SAP Cybersecurity, Under Armour and JP Perez-Etchegoyen, CTO, Onapsis for an exclusive "Meet the Authors" session. Drawing from their comprehensive SAP Press book, "Cybersecurity for SAP," the authors will explore how to evolve your defense strategy to meet modern threats.

In this session, you will:

• Focus on System-Level Focus: Addressing vulnerabilities isn't just about patching; it's about understanding real-world threat scenarios—how an attacker might actually move through your landscape.
• Understand the importance of Cross-Functional Roles: Whether you are an Enterprise Architect or a Developer, security is now a core part of the job description to ensure "secure by design" principles.

This session provides a comparison between traditional on‑premise SAP security operations and the security model used in SAP RISE. Participants will learn how the shift to a cloud‑managed environment changes visibility, control, and responsibility—especially regarding security logs, monitoring, and incident response. By the end of the session, the audience will understand the key differences, what security capabilities they retain, what SAP takes over, and how to adapt their security operating model for RISE.

SAP Cloud Identity Services are central to modern SAP landscapes - but many programs struggle with where IAS/IPS fit, how trust is established, and how SAP BTP security concepts translate into real configuration decisions. This session will clarify the positioning of Identity Authentication Service (IAS), Identity Provisioning Service (IPS), and related components, then connect those fundamentals to SAP BTP security essentials. You will see live demonstrations of common trust setups, group management patterns, authentication options, and a first IPS integration scenario. Take-home exercises will help you replicate the configurations later in your own environment.

By the end of this session, participants will be able to:

• Explain the purpose and positioning of SAP Cloud Identity Services (IAS/IPS) within SAP’s IAM landscape.
• Describe core SAP BTP security constructs (global account, directories, subaccounts, entitlements, role collections).
• Establish and validate trust relationships between IAS and SAP target systems (and common SAP cloud services).
• Configure IPS connectivity patterns (cloud and on-premise via proxy) and understand typical integration flows.

Explore the details of functionality, differentiators, and important platform aspects in the latest SAP GRC On Premise and Cloud provisioning and compliance solutions. Gain detailed insights into the SAP Compliance applications of SAP GRC Access Control 12.0 and SAP Cloud Identity Access Governance and consider which application, platform, and functionality is best for current and long term compliance and provisioning requirements.

You will:

• Learn about the GRC evolution and why it is important to progress and plan ahead. 
• Discover how to identify where you are on the evolution roadmap, define where you want to be, and what it takes to get there through time and effort estimates. 
• Learn about SAP GRC application functionality through the lens of real customer examples of success and pitfalls at different stages of the GRC evolution.

As SAP customers embark on or plan for an SAP S/4HANA transformation, SAP security professionals must prepare for this new frontier. With the Clean Core approach, the SAP landscape is shifting toward an API-first model where SAP BTP, specifically SAP Integration Suite, is central. For organizations coming from the SAP PI/PO world, this this is a new environment with its own limitations and challenges. As SAP Integration Suite becomes the hub for both SAP-to-SAP and SAP-to-non-SAP integrations, the granular RBAC controls familiar from the ABAP/Java world are no longer available in the same way.
 
Join this session to:

• Gain clarity on how SAP Integration Suite reshapes integrations with a Clean Core.
• Learn about process and architecture considerations to secure and govern SAP Integration Suite.
• Walk away with guidance on tenant strategy, CPI security, API security, policy and identity and access management.

This session from SAP provides an overview of the latest news, enhancements, and strategic roadmap for SAP Security. It highlights recent innovations, key capability improvements, and upcoming developments designed to strengthen security, compliance, and resilience across SAP landscapes. Attendees will gain insight into SAP’s security direction and how these updates support evolving business and regulatory requirements.

AI and Agentic AI promise significant benefits, however, they bring security risks such as breaches of privacy and confidentiality, unauthorized access and action. The unpredictability of Generative AI also poses new risks. We must ensure chat bots, co-pilots and agents stay within their intended scope boundaries and authorizations. Agents that interact with business systems and especially those that can act on users' behalf need to be carefully controlled and these risks multiply when agents start collaborating together.
 
This session gives an overview of the security risks for AI workloads across the stack, from agent and application, down to the models, platforms, and infrastructure. This established cybersecurity practice helps to identify security risks so they can be addressed early. Join this session to learn techniques, tools, and services that SAP uses itself to secure AI workloads and minimize risk without inhibiting pace of innovation.

You will learn:

• Full-stack security risks for AI workloads (SAP or otherwise). 
• Core principles of AI and Agentic AI threat modeling and risk identification. 
• Techniques, tools and services that can help reduce security risks.

2025 was a dramatic wake-up call for business-critical application security, marked by critical zero-days, public exploits, and a significant rise in sophisticated, targeted attacks against SAP systems globally. Security Operations Center (SOC) teams are struggling to keep pace, frequently lacking the deep SAP threat insights and specialized exploit detection necessary to defend these complex, mission-critical assets effectively.

This session will provide security professionals with an in-depth, educational look at the new threat landscape, detailing the latest tactics, techniques, and procedures (TTPs) used by threat actors to directly compromise SAP applications.

You will learn:

• Key Lessons from 2025: Analysis of the most impactful SAP vulnerabilities, exploits, and breaches, including the anatomy of zero-day attacks and ransomware infiltration vectors.
• Next-Gen Methodologies: The essential tools and specialized threat insights required to overcome the knowledge gap and achieve effective, rapid defense for SAP.
• The Power of Unification: How Onapsis Defend (for specialized SAP context and exploit detection) and Microsoft Sentinel for SAP (for centralized SIEM, AI, and SOAR capabilities) integrate to provide a unified, accelerated incident response workflow that protects your critical business systems.
• Walk away with a clear roadmap for leveraging specialized threat intelligence and automation to optimize your SAP incident detection and response processes.

Are you ready to elevate your SAP security expertise? Join us for an immersive and interactive SAP Security Game, crafted to simulate real-world security challenges faced by organizations—with brand new use cases! Participants will navigate various scenarios designed not only to test but also to enhance their strategic and technical expertise in SAP security. This active session offers an invaluable opportunity to enhance your skills in security planning, compliance management, and breach response while promoting collaboration and learning in a supportive and competitive setting. Throughout the workshop, we will engage with three critical topics including preventative security control implementation, compliance request/audit handling, and security breach response. 

You will: 

• Learn to develop and implement robust security controls to safeguard your SAP environment. 
• Gain experience in efficiently managing and responding to compliance requests and audits with precision. 
• Practice responding swiftly and decisively to a simulated security breach, aiming to minimize damage and ensure business continuity.

Cybersecurity is no longer just an IT concern — it’s a business imperative. In a world of increasing regulatory pressure, AI-powered threats, and complex digital ecosystems, SAP environments remain high-value targets for cyberattacks. Yet many organisations still struggle to translate technical risks — such as unpatched vulnerabilities, excessive user access, and insecure integrations — into board-level conversations that drive action. Learn how to reframe SAP security from reactive protection to proactive value creation. Explore how to quantify risk in business terms, align with executive priorities, and build security strategies that support trust, compliance, and business continuity. With real-world insights from global operations and transformation programs, you'll leave with a practical framework for elevating cybersecurity to a strategic conversation.

You will learn how to:

• Speak the language of the business: Learn how to communicate SAP cyber risks to senior executives with impact — linking technical threats to financial, reputational, and operational outcomes.
• Prioritize what matters most: Discover how to assess and rank SAP vulnerabilities using likelihood and business impact — helping teams focus on what really drives risk reduction.
• Stay ahead of emerging risks — from AI-enabled threats to data sovereignty and new compliance pressures.

Many companies have standardized on Microsoft Active Directory user authentication (Kerberos) for Windows workstation logon as well as for application authentication and single sign-on (SSO). For example, SAP GUI SSO is often implemented using a Kerberos SNC library. In recent years, Microsoft has made enhancements to its products so that customers can gradually remove their dependency on Kerberos and Active Directory, and use Entra ID instead. The challenge has been how to support thick client applications (e.g., SAP GUI) when Kerberos is no longer available. Often SAML is used with web-based applications, but this doesn’t work with thick client applications. In this session, SecurityBridge will explain how recent innovations in their popular TrustBroker product now allow it to provide SSO and MFA using OpenID Connect (OIDC), without requiring any BTP service or additional infrastructure.

You will:

• Learn how to address the challenge of seamlessly moving away from Microsoft Active Directory authentication to Entra ID with thick client applications such as SAP GUI. 
• Understand how MFA can be enforced during (and after) logon based on a per-SAP system policy. 
• Discover how risk based and context aware authentication can be implemented; e.g. MFA might be enforced when a user tries to log on and that user has previously been identified conducting suspicious activity on that system.

This dynamic discussion session examines recent high-profile cybersecurity breaches to highlight how threats evolve, how attackers exploit vulnerabilities, and how impacts extend far beyond the breached organization. Attendees will learn how disruptions to systems, sensitive data exposure, and compromised third-party relationships can trigger financial losses, regulatory scrutiny, reputational damage, and supply chain instability. The session will also explore broader economic implications, including market volatility and increased operational costs for organizations that were not directly breached.

Join this session for an interactive discussion on:

• Strengthening security posture.
• Improving vendor risk management.
• Building resilience to mitigate far-reaching effects of modern cyberattacks.

SAP environments generate security signals that are hard for traditional SOC and MDR services to interpret because the “why” often lives in identity, authorizations, and business context - not just logs. As a result, teams face alert fatigue, slow triage, and containment steps that stay outside SAP in tickets and spreadsheets instead of becoming verified, auditable actions. 

In this session, we’ll show how an AI-driven SOC as a Service (SOCaaS) purpose-built for SAP connects SOC workflows with Identity Governance & Administration (IGA) to enrich detections with relevant context, automatically build evidence packs, and guide analysts from investigation to decision. 

You’ll learn how guardrail-based automation can handle SOC1/SOC2 tasks end-to-end while keeping SOC3 in control for high-impact approvals - so response actions remain governed and compliant. Finally, we’ll walk through a pragmatic adoption model that starts small (critical alerts and high-risk identities), proves measurable MTTA/MTTR improvements, and scales across on-prem and cloud SAP landscapes with an audit-ready trail from alert to verification.

In this session, you will:

• Understand why SAP security alerts require identity and authorization context - and why generic SOC playbooks often miss the real risk.
• Learn how to connect SOC operations with IGA to enrich detections with entitlements, role changes, SoD/critical access signals, and user lifecycle events.
• Discover an agentic triage flow that assembles an evidence pack automatically (timeline, correlated signals, and decision-ready proof).
• Learn how to reduce alert fatigue by automating SOC1/SOC2 tasks (deduplication, enrichment, investigation steps) while escalating only high-signal cases to SOC3.
• Explore a guardrails-first response model (recommend → approval → execute) that keeps actions governed, explainable, and compliant.
• See how to drive SAP-native response actions through your IGA or IAM applications - such as locking/logoff, deprovisioning, workflow approvals, and risk checks - rather than stopping at tickets.

As SAP environments move to managed cloud models such as SAP Cloud ERP Private Edition, traditional responsibilities in Basis, security, infrastructure, and operations are evolving fast.

In this session, we explore four SAP roles that are being fundamentally reinvented in the cloud era. What happens when you no longer manage hardware? When patching is automated? When some tasks become a shared responsibility? And when governance and business service level objectives matter more than system administration?

You’ll gain practical insight into how cloud operating models are redefining technical ownership and required skills — and how to position yourself to stay relevant and future-ready.