Retail and technology have become almost parallel entities in today’s business domain. Technology and data have always been important, even before the internet fully emerged. Retailers were keen on running their stores more efficiently and leveraging data to better understand their customers.

However, the internet morphed the grocery shopping experience into mobile shopping via tablets and smartphones, while retailers leveraged technology such as SAP to run highly complex operations that joined physical and online storefront processes such as inventory controls, order fulfillment, sales, pricing, customer service and returns.

Because SAP holds such a vast amount of code and data, retailers have constantly been wary of security threats from both internal and external sources. What’s more, they’ve also struggled to remain in compliance with changing regulatory expectations.

The challenging part retailers face is that even if they’re large enough to have a dedicated internal IT department, the focus remains on tying business operations to the IT function.

Here are three key areas retailers and IT staff must be aware of to help keep SAP data secure.

SAP systems

A large proportion of all SAP security vulnerabilities result from improper configuration of the broader SAP system. This area is difficult for IT staff to comprehend simply because there are so many settings in a typical SAP landscape. Interfaces are difficult to identify and manage, and patch management, for example, is not as easy as it is with Windows applications.

IT personnel frequently consult with reliable SAP security experts who provide a comprehensive overview of all SAP interfaces, complete transparency of data streams, continuous protection of interfaces and a proactive approach to ongoing and automated monitoring of the entire system landscape.

Custom code

One of the great benefits of SAP for retailers is the ability to customize the system for the benefit of a specific retailer’s unique business. For instance, a large chain of restaurants will have slightly different IT business needs compared to that of an online food retailer. As such, the SAP system running both businesses and their functions will each be customized for their specific needs. In this case, custom code must be developed and implemented for the business to realize the benefits of SAP.

The challenge here is that there are millions of lines of custom code developed for SAP, and it is virtually impossible to manually scan this code for security vulnerabilities. What’s worse, developers typically do not have the proper knowledge needed to fully vet code for security vulnerabilities. To combat this, developers and businesses are now utilizing cutting-edge technologies that automate the scanning process of custom code implementations. These solutions are similar to a spell-checker system, and can quickly scan lines of custom code with the click of a button to help protect against any vulnerabilities.


Transports

Companies that use SAP software add in their own customizations and developments. This means that functions and settings are often modified and enhanced, which can lead to changes made to hundreds of objects every day, along with manipulation of data. These changes are reviewed and adjusted in development and test environments before being deployed to the live production system. Unfortunately, these transport files can’t be checked before the import to production takes place, leaving systems vulnerable to stability issues when the data is transported.

Any slight modification in the development and test environments can change critical settings of the data, leaving applications unable to operate or even resulting in a complete system failure. What’s worse, there can be intrusion situations that involve transporting a username and password or other critical data without drawing attention. In response, advanced SAP system solutions leverage technologies designed to ensure the integrity of transports, as well as of the configuration and application data that are critical for running error-free business operations.

Today’s business landscape is beyond complex, and the global economy digitally connects businesses, vendors and customers in a way that helps move information, services and goods at lightning speed. This velocity of commerce and vast network of interconnectivity also means businesses are vulnerable to malicious intruders that organizations may not be aware of for weeks or even months. On average, it takes a company 80 days to realize its SAP system has been penetrated, and another 50 days until the vulnerability is fixed. By leveraging new SAP security solutions and technologies, companies of all sizes realize they will be defended in a more efficient way, keeping in compliance with the latest regulations and ensuring their data and that of their customers remains safe.