Cybersecurity Archives | SAP News Center
Company & Customer Stories | Press Room

Fully Homomorphic Encryption: Data Insights Without Sharing Data
/2024/03/fully-homomorphic-encryption-insights-without-sharing-data/
Thu, 28 Mar 2024 12:15:00 +0000

Carbon footprint calculation, patient privacy, and machine learning based on sensitive data – thanks to advanced encryption methods like fully homomorphic encryption.

Most have been in this situation before: one of the providers or services we use is a victim of a data breach and we want to determine if our personal user data has been impacted. This is where fully homomorphic encryption (FHE) comes into play. With FHE, the encrypted, personal password is compared against the data set of stolen user data and potential matches are identified without ever revealing the user’s password.

Use cases for this type of privacy-enhancing technology (PET) are numerous. They range from applications in medicine, where third-party service providers can analyze health data without compromising a patient’s privacy, to performing machine learning and AI algorithms on encrypted data, allowing organizations to derive insights from sensitive data sets without exposing the data to potential breaches or privacy violations.

How It Works

Fully homomorphic encryption allows calculations to be performed on encrypted data without having to decrypt it first. Confidentiality is maintained, as even the results are encrypted and can be viewed only with the appropriate decryption key. Further techniques for processing encrypted data are multi-party computation (MPC) and trusted execution environments (TEE).

Mathias Kohler, research manager at SAP Security Research, outlines the differences: “While FHE is the most known of the encryption technologies, MPC is the ideal candidate if working with several parties exchanging encrypted data across company borders. And it can be substantially faster than FHE.” While both are software-based technologies, TEE is hardware-based, which makes it the fastest choice. The downside: TEEs, unlike MPC and FHE, require decrypting the data for processing. While decryption happens in a trusted hardware environment isolated from the operating system, it can allow data leakage via side-channel attacks. Notably, PETs do not need to be considered in isolation and can augment each other. For example, MPC can encrypt and distribute an FHE decryption key, protecting the FHE key and ensuring no single party can decrypt everything.


Why It’s Relevant

There is a demand for this kind of technology. By 2025, 60% of large organizations will use at least one privacy-enhancing computation technique in analytics, business intelligence, or cloud computing, according to .

Fully homomorphic encryption has numerous applications, especially in scenarios where privacy and security are paramount, such as secure computation in the cloud, privacy-preserving data analysis, and secure outsourcing of computations. As long as one party is performing the data processing centrally, FHE is the encryption method of choice. FHE enables organizations to share encrypted data with partners or third parties for analysis or monetization purposes while maintaining data confidentiality. This is particularly relevant in industries such as advertising and market research.

Interesting use case scenarios from SAP’s perspective could be secure benchmarking and predictive maintenance.

Secure Benchmarking

Companies often assess their competitiveness relative to industry peers and compare business-relevant KPIs, such as automation rate or return rates, with peers and even competitors. With fully homomorphic encryption, all participating parties can share encrypted KPIs without revealing individual data. As a result, they learn about relevant statistics, such as averages or medians, to assess their relative competitiveness and decide where to improve and invest.
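The benchmarking flow described above, as an added example that is not from the original article or from SAP: it substitutes Paillier, an additively homomorphic scheme (not fully homomorphic), because a sum is all an average needs. The function names, the demo primes and the KPI values are constructed for illustration, and the key is far too small for real use.

```python
"""Toy secure benchmarking with Paillier encryption (added example).

Paillier is additively homomorphic only, not FHE; that is enough for a sum.
All names, primes and KPI values below are constructed for illustration.
"""
import math
import secrets

# Constructed demo primes (two Mersenne primes). Far too small for real use.
DEMO_P = (1 << 31) - 1
DEMO_Q = (1 << 61) - 1
KPI_MAX = 10_000  # KPIs are rates in basis points: 10_000 == 100.00 %

# Constructed sample input: automation rate per participant, in basis points.
SAMPLE_KPIS = {"company_a": 7250, "company_b": 6400,
               "company_c": 8125, "company_d": 5900}


def keygen(p=DEMO_P, q=DEMO_Q):
    """Return (public key n, private key (n, lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # correct because the generator is fixed to n + 1
    return n, (n, lam, mu)


def encrypt(n, m):
    """Encrypt 0 <= m < n. A fresh random r makes every ciphertext differ."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range for this key")
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    # (n + 1)^m mod n^2 equals 1 + m*n, which avoids one exponentiation.
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(priv, c):
    """Recover the plaintext with the private key (n, lam, mu)."""
    n, lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def add_encrypted(n, ciphertexts):
    """Aggregator step: multiplying ciphertexts adds the hidden plaintexts."""
    n2 = n * n
    total = 1  # trivial encryption of 0
    for c in ciphertexts:
        total = total * c % n2
    return total


def run_benchmark(kpis):
    """Return the peer average; only the aggregate is ever decrypted."""
    n, priv = keygen()
    # Edge case: the plaintext sum is only correct while it stays below n.
    if len(kpis) * KPI_MAX >= n:
        raise ValueError("too many participants for this key: sum could wrap")
    for name, value in kpis.items():
        if not 0 <= value <= KPI_MAX:
            raise ValueError(f"{name}: KPI outside agreed range")
    # Each participant encrypts locally and submits only the ciphertext.
    submissions = [encrypt(n, value) for value in kpis.values()]
    # The aggregator holds no private key and works on ciphertexts only.
    encrypted_sum = add_encrypted(n, submissions)
    # The key holder is handed the aggregate alone, never a single submission.
    return decrypt(priv, encrypted_sum) / len(kpis)


if __name__ == "__main__":
    avg = run_benchmark(SAMPLE_KPIS)
    for name, value in SAMPLE_KPIS.items():
        print(f"{name}: {value / 100:.2f} % vs peer average {avg / 100:.2f} %")
```

In a deployment the private key would not sit with a single party; splitting the decryption key with MPC, as the article mentions, is what keeps any one participant from decrypting individual submissions.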

Predictive Maintenance

Predictive maintenance is a machine learning technique to forecast demand for maintenance or spare parts based on historical data. “In certain industries, required data, such as usage patterns and failures, is considered sensitive and is not easily shared with data scientists or maintenance operators,” says Anselme Tueno, senior researcher at SAP Security Research. By computing on encrypted data, however, no sensitive information is revealed while still allowing for the required insights to be gathered for prediction tasks.

Carbon Footprint Calculation with Multi-Party Computation

While it is early days from a product availability perspective, SAP is working on potential use cases with customers and partners. One key example is calculating carbon footprints of products.

Prime examples for complex collaborations are today’s supply chains, intricate networks that encompass various levels of suppliers, manufacturers, and processed goods. Unfortunately, there is often a lack of comprehensive visibility across the entire process – either for technical reasons or because businesses are often reluctant to share sensitive data across supply chains that often include direct competitors.

However, to accurately assess and disclose a product’s carbon footprint, sensitive production details and associated carbon costs for production-relevant parts and materials are required. Here, MPC can reveal only the required carbon footprint without disclosing associated, proprietary manufacturing details with other supply chain participants.

Currently, SAP is working with Bosch on cloud-native software for secure multi-party computation called .

“SAP participates in this open-source project and supports the development of Carbyne Stack’s storage and processing services and the deployment of Carbyne Stack on Amazon Web Services (AWS),” Kohler explains. “For Bosch, Carbyne Stack is a type of cloud-native operating system for MPC workloads that manages resources to run as efficiently as possible in multi-cloud deployments.” This effort can help SAP in the long run to integrate MPC as technology into SAP solutions and services while running in a cloud-native environment.

What’s Next?

Despite all the benefits around processing data, encryption introduces significant computational overhead due to the complexity of performing operations on encrypted data. Slow processing speeds, especially for complex operations and large data sets, make fully homomorphic encryption impractical for real-time applications or large-scale data processing. Although the performance of FHE has greatly improved in recent years, its practical adoption is still limited due to the processing overhead and performance considerations. Ongoing research is focused on the design of FHE-specific hardware accelerators.

“PETs for computing on encrypted data have the power to amplify data-driven business collaborations and reshape the future of cloud computing,” explains Jonas Böhler, senior researcher at SAP Security Research. By safeguarding data, they enable access to previously untapped information while minimizing privacy risks and thwarting data breaches. The future of computing is encrypted.


Cybersecurity a Top Priority at SAP, Early Talent Program Recognized by U.S. Government
/2023/09/cybersecurity-top-priority-sap-global-early-talent-program/
Fri, 29 Sep 2023 11:15:00 +0000

This October will mark the eighth annual celebration of cybersecurity month at SAP and the 20th annual in the U.S.

This cybersecurity month is especially noteworthy because the Biden-Harris administration recently recognized SAP in its newly announced . Developed with companies, academia, non-profits, and U.S. government bodies, the NCWES aims to reinforce cybersecurity as a top priority and address short- and long-term cyber workforce gaps. The cybersecurity industry is not only important to upholding national security, but to leading in a digital economy where our increasing reliance on technology will only foster a more complex cyber threat environment.

Persistent Pipeline Problem 

Why is cybersecurity so important today?

As noted in a explaining the new strategy, the U.S. has a persistent cyber talent pipeline problem that has continued to grow – with more than 750,000 cybersecurity jobs vacant in 2023. And it’s not just the U.S. that faces such a talent gap. According to , there’s been a 350% increase in cybersecurity job vacancies globally from 2013 to 2021. In 2023, the number of unfilled cybersecurity jobs lands at a whopping 3.5 million globally. And the disparity between the workforce supply and demand is predicted to remain through at least 2025. 

It’s a crisis, confirms Nora Clark, program lead for the Global Security Early Talent program at SAP. “The need is there…Attacks are always happening though people may not realize because they’re going on in the background…Every employee is a cybersecurity defender and can influence company security and compliance.” But for young professionals, it can be nearly impossible to start a career in cybersecurity, she explains. Many positions require years of prior experience. Not many universities offer degrees in cybersecurity, and there’s a large learning curve that’s hard to overcome without support. 

That’s why Clark was charged with the task of creating a program at SAP to fill the need for early talents in the cyber space.

Global Security Early Talent Program at SAP 

Inaugurated in June 2022, the two-year offers young professionals entry into the cybersecurity space at SAP through rotations with company security divisions such as Global Cyber Defense and Design, Physical Security, and Risk and Compliance; team workshops; and mentorships. Candidates who successfully graduate from the program are offered placement on a permanent team at SAP.

Clark chose to have the program span two years because cybersecurity has many applications and the knowledge may not transfer across teams. Two six-month rotations allow candidates to gain their footing and one 11-month rotation consists of completing a project with a cyber team at SAP. “This is why our program is designed differently than other programs,” she says. “People say it’s really hard to gain the knowledge and then apply it in a short amount of time. That’s why we provide the Global Security Early Talent candidates learning opportunities, mentorships, and more to support them in their cyber career journey.” 


As a real testament to the initiative’s mounting success, candidates now have 43 different rotations to choose from. “I’ve thoroughly enjoyed the opportunity to rotate across various security teams, which has allowed me to delve deep into different security topics and build out my network,” Jacob Winemiller, Global Security Early Talent program participant, says. “As an early talent in this program, I’ve had the opportunity to work on interesting projects and contribute to meaningful initiatives. From day one, my experience has been nothing short of amazing.”

But the program is about more than just gaining the technical knowledge to survive in cybersecurity – it also focuses on developing soft skills like storytelling, presentation skills, and networking. “When we talk about the program, we’re not just talking about being technically skilled in cyber. We’re also looking to see if they are going to be our next leaders, the next experts in the security industry,” Clark explains. Adam Santilli, Global Security Early Talent program participant, confirms: “As trainees, we are encouraged to develop both our soft and hard skills. The opportunity to do that while being a part of three different teams has given me a unique view on security issues today. I have also formed personal and highly valued relationships throughout this process. They have helped me expand my comfort zone and develop my interpersonal skills.” 

Setting an Industry Standard 

When designing the program at SAP, Clark struggled to find information about early talent cybersecurity programs at other companies to learn from. “When we started this program, there were seemingly no other early talent cybersecurity programs out there. This type of cybersecurity program for people coming fresh out of college is unique.” Indeed, SAP was the only foreign entity recognized in the Biden-Harris administration’s NCWES announcement.

Clark hopes that with the recognition from the U.S. government and more information about the Global Security Early Talent program out there, more companies will establish early talent cybersecurity initiatives and work together to combat the industry’s workforce crisis. “In security, it only works if we communicate with each other,” she says, talking about both the many security teams across SAP and the cyber industry at large. “We all have the same issues and we all want to tackle the same thing. [With the program at SAP] we want to make sure the next generation of security experts have a tight-knit community where they can reach out to each other.”

Diversity is just as important as communication. It fosters fresh ideas in any industry, but in cybersecurity specifically diversity helps when addressing threats. Clark explains: “There has to be diversity because our adversaries are also diverse and we don’t know where they’re coming from or what their background is.” Likewise, the NCWES stresses the importance of empowering those currently underrepresented in the cyber workforce. 

As a large, global company, SAP has a responsibility to prioritize cybersecurity – for itself and its ecosystem. When you add in the workforce crisis and the need for early talents to that equation, it becomes a no-brainer. “We’re continuing to build our program and support the cyber force,” Clark says. “Ultimately, we want to see how we can also help others.”


Gillian Hixson is an integrated communications specialist at SAP.

Zero Trust for the Highest Level of Data Protection, Security, and Privacy in the Cloud
/2023/03/zero-trust-data-protection-security-and-privacy-in-cloud/
Thu, 02 Mar 2023 13:15:31 +0000

When Rihanna sang some of her greatest hits suspended on a platform that hovered 15 to 60 feet above the stadium at this year’s Super Bowl, trust in technology was of utmost importance. On the same note, trust is crucial when it comes to an organization’s security on every platform it operates.

Data privacy, risk management, and cybersecurity remain key priorities for businesses in 2023 to ensure continuous high performance and to catapult to new heights. In a recent , 43% of survey respondents said that they plan to upgrade IT and data security to reduce corporate risks. That includes security and data protection measures to keep their data safe. This becomes even more important when moving to and operating in a cloud enterprise resource planning (ERP) environment to drive continuous innovation. In the same CIO survey, 12% of the respondents said that they are planning to accelerate the move to the cloud as a service.

Adopt a Zero Trust Security Approach for the Cloud

To secure data and operations in a hybrid work environment, companies have been adopting a zero trust approach. defines zero trust as an “information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy, informed by continuous, contextual, risk-based verification across users and their associated devices.”

According to 2022 global survey data published by , 39% of companies have already begun to roll out a zero trust solution and 41% of companies have plans to adopt a zero trust strategy and are in the early phases of doing so.

My principle in life is to trust people and systems until I am provided a reason not to. The zero trust principle is the exact opposite of this.

The zero trust approach has three key principles: all entities and users are untrusted by default until authorized, least-privilege access is enforced, and extensive security monitoring is in place. In short, no connections to corporate networks and systems should be trusted on sight. All users, devices, and systems need to be authenticated, reverified, and continuously monitored when accessing networks, systems, and data.

Adopting this approach to cloud transformation has become the leading industry standard to keep operations and data safe across the entire virtual and physical network infrastructure.

Here are some best practices for putting an enterprise security plan in place that utilizes zero trust concepts to run operations safely and securely in the cloud.

Define Clear Security Roles and Responsibilities

First and foremost, ensuring security is always a shared responsibility between companies and their cloud transformation partners. It is a common goal and commitment that is independent of the type of cloud path companies take.

Like with any shared responsibility, the best way to approach it is by defining the roles and responsibilities up front. This process starts by asking these key questions: who is managing the cloud, how will everyone work together to secure the cloud, who is responsible for which part, and where are dependencies?

This will ensure that there is a clear strategy and plan to monitor and implement security policies and measures.

Keep an Eye on Users, Devices, Network, Applications, and Monitoring

Based on our experience at SAP Enterprise Cloud Services, another best practice is to focus the zero trust security approach on five pillars: users, devices, networks, applications, and monitoring.

Eighty-seven percent of organizations consider the application layer as being the front door for data breaches. Most data breaches through cyberattacks happen because users fail to keep their credentials safe or fall prey to false identities. In addition, the number of remote users with their own devices has significantly increased in enterprise networks as well as the number of cloud-based assets that are not located within an enterprise-owned network boundary.

By regulating and monitoring user access to devices, networks, and applications, companies can protect all their resources, including assets, services, workflows, and network accounts. For example, identity management systems can manage privileged user authentication and access at a very granular level. This includes keeping administrative accounts separate from corporate accounts and applying encryption to several layers in the IT environment. Data classification makes it possible to associate the security levels with specific types of data, regardless of where that data resides – in the cloud, at endpoints, or in owned data centers.

Scaling Security Needs Faster with the Cloud

While managing the complexity of security needs for cloud transformations can be daunting, here is an added merit: companies can scale their security needs much faster in the cloud, according to research. Benefits include better automation capabilities as well as higher storage and data capacity in the cloud. Companies can push infrastructure as code and fix a security problem in real time when operating in the cloud. Automation also helps in increasing the maturity of identity management and security management systems. recommends embracing cybersecurity as a differentiator to promote greater stakeholder trust and better use of cloud-native solutions that take advantage of the cloud’s full potential.

In other words, you can shine like a diamond on your cloud platform of choice with a zero trust security approach for the cloud.

For more information, visit the site and read this chief security officer for SAP Enterprise Cloud Services.


Peter Pluim is president of SAP Enterprise Cloud Services and SAP Sovereign Cloud Services.

Clarifying the True Meaning of Innovation Drives Meaningful Business Value
/2022/09/true-meaning-of-innovation/
Tue, 27 Sep 2022 11:15:28 +0000

With so many challenges to solve and little time to wait, innovation is usually prioritized above any other business growth initiative. But if you compare a handful of these strategic projects side-by-side, it’s clear that organizations are aspiring to deliver groundbreaking innovations. They want to create that really big splash.

Breakthroughs happen less often than most people are inclined to believe. Instead, I often find that most innovations are incremental in nature. Admittedly, a slow-building approach doesn’t grab the spotlight like more daring alternatives do. Still, it’s no less important – driving countless small improvements that add up to massive transformations and huge gains down the line.

One prime example of incremental innovation’s impact is the continuous development of mobile devices. The first handheld cellular phone launched nearly 40 years ago. Since then, each new release introduced different sizes – some smaller and some larger – and functionalities such as texting, Internet access, context-driven command, touch screens, tracking and tracing, and many more capabilities now considered standard. In essence, mobile device providers allow themselves to experiment with new ideas while generating revenue that is then reinvested into making the product’s design and purpose more impactful and game-changing in the near future.

Ideas Are Only the Beginning

Ideas are only the start of an innovation journey, no matter how new, novel, or useful. It takes creativity and domain expertise to bring them to life and evolve them gradually by applying the latest lessons learned and scaling capabilities or user experiences to deliver more meaningful value.

As part of SAP’s “reinvent” strategy, my team of customer innovation and maintenance experts from within the Customer Solution Support & Innovation organization at SAP focuses on turning ideas into valuable solutions for critical challenges. Working with various industries, including agriculture and life sciences, allows us to innovate and deliver sustainable solutions that accelerate business success – from idea inception and proof of concept to implementation and maintenance.

Customer Solution Support & Innovation offers tremendous industry expertise that can enrich our customers’ growth areas, drive continuous innovation, and deliver prototypes faster to support their transformation into intelligent enterprises. And from our experience, innovations best realize their full value when scaled to add value while they are maintained and developed further to help the world run better and improve people’s lives.

Outcomes Are the Heart of Good Innovation

Our contributions in helping to overcome the impacts of the global COVID-19 pandemic were one of those moments where we revealed the true value of incremental innovation. Developing innovations in partnership under unprecedented conditions, we designed and rolled out numerous digital solutions more quickly and securely for millions of people.

A prime example is the . In only two months development time, we innovated a digital gateway with T-Systems that provides a standard for valid vaccine certification across the European Union and currently supports 600 million users. By removing the risk of falsified documentation, the introduction of this digital certificate represents an important step toward normalizing the freedom of movement within the eurozone and, as a result, stimulating the economy.

In addition, our team worked with Deutsche Telekom AG and Germany’s Federal Ministry of Health to develop the Corona-Warn-App to help identify infections quickly and notify people of their potential exposure. The mobile app, available for iOS and Android, was developed in open-source mode, and the program code was continuously visible to the public on the development platform – all without violating data privacy rights.

While the pandemic marked a significant era of innovation for businesses worldwide, our team has produced innovations important for business security. For instance, our work in detecting and preventing security breaches from cyberattacks plays a vital role in many of our customers’ IT infrastructure. Our experts combine the application – a leading threat detection software – with 24/7 managed security services. The application is continuously upgraded to help detect cyberattacks in on-premise and cloud solutions from SAP as they are happening and analyze the threats quickly enough to neutralize them before severe damage occurs.

More recently, we innovated with climate-focused technology company CHOOOSE to deliver a climate app. As one of the first solution extensions developed with existing capabilities available in and SAP Concur solutions, helps neutralize carbon emissions through high-quality compensation projects. As a result, our customers can acquire accurate data from their business flights and discover high-impact ways to offset their carbon footprint – all in one place.

We are also working on a prototype – – that marks the first step toward embracing virtual reality for running business. With the sustainability-focused concept, our experts are experimenting with collaboration with targeted data sharing between competing companies and integrating the virtual environment with open ecosystems such as . In addition, a decentralized peer-to-peer network based on SAP Business Technology Platform is being created without requiring central persistence.

Innovation That Delivers High Impact

Most companies make the mistake of looking too narrowly at the overall context of their innovation initiative. At Customer Solution Support & Innovation, we are constantly evaluating the SAP solution portfolio to find opportunities to adapt and add functionalities that can increase value in ways that can be quickly applied and scaled to meet our customers’ current and future needs.

Embracing the concept of incremental innovation has empowered us to shape a culture that is full of purpose, ingenuity, and discovery. So instead of dedicating all our resources to years-long projects with uncertain outcomes, SAP is committed to driving innovation close to our customers’ everyday environmental, social, and governance challenges – and we will continue to do so in the years to come.


Andreas Heckmann is executive vice president of Product Engineering and head of Customer Solution Support and Innovation at SAP. Follow him on and .

The Take: Passwords Are Leaving, Cybercriminals Are Not
/2022/06/the-take-password-less-authentication-cybercriminals/
Fri, 24 Jun 2022 15:03:14 +0000

What’s News

This fall, as part of its newest software update, Apple will allow users to make those annoying passwords a thing of the past on apps and online accounts. Microsoft, Google, and about 250 other companies are also seeking to replace passwords with password-less technologies.

Passkeys operate as pairs, and each passkey, when generated, is unique. One key sits on the service provider’s server, the other on the user’s device. In the case of Apple, the two keys are connected by Apple on the backend, and the user authenticates this with FaceID or TouchID.

SAP’s Take

Businesses are keeping close tabs on the progress of these password-less technologies. Password-less authentication would make many business processes easier to use and more seamless, and many companies have announced their commitment to accelerate availability of password-less sign-ins. Gartner predicts that 60% of large and global enterprises will implement password-less methods in more than 50% of use cases.

“Any industry that handles personal and sensitive information, including banking, healthcare, technology… any organization that wants to keep data away from the hands of threat actors would benefit,” SAP Chief Trust Officer Elena Kvochko said.

“Businesses that are not working to implement this type of authentication in the future might be limited by cost, effort, and end-user skepticism,” the cybersecurity expert said. “Passwords have been the first line of defense for a long time, which makes it more difficult to introduce a new type of authentication.”

Two of the most prevalent cyberattacks are phishing, which accounts for about a third of breaches, and brute force attacks, which rely on passwords to access a network or application. Password-less authentication removes the burden on users of having to create complex, difficult passwords, remember them, or store them in a safe place.

The technology could also help deter more serious attacks and prevent insidious outcomes if it’s used in conjunction with other security technologies and controls.

“If it is used with multiple factors of authentication, there is a strong possibility that it can deter both ransomware and identity theft,” Kvochko said. “Password theft has historically been used in ransomware to gain access into a network. By removing the need for passwords, it will be more challenging for threat actors to access your data and network.”

Password-less authentication is nothing new. Biometrics, one-time codes, and magic links have been used for years in different spaces, industries, and platforms.

“The difference now is that password-less authentication will become the standard rather than an advanced option,” Kvochko said. “With major tech companies like Apple, Google, and Microsoft championing the effort to make this type of authentication more available in their devices, software, and applications, I believe we’ll see it everywhere very soon.”

Passkeys will help make our information safer, but they are not a silver bullet, Kvochko warned. Voice recordings or other biometric features used in passkey technology have been replicated in the past, underscoring the critical need for several authentication factors for greater protection.

“Any technology can also become a vector of attack,” she said. “There is no authentication system that can’t be hacked. Password-less authentication is still vulnerable to malware, man-in-the-browser, and other types of attacks. With that said, password-less authentication can be a better option than relying on simple passwords, especially when combining it with other authentication factors making it multi-factor authentication.”


Contact:
Ilaina Jonas, Senior Director of Global Media Relations, SAP
+1 (646) 923-2834, ilaina.jonas@sap.com
SAP Press Room

Forter Trust Platform: On the Right Side of Digital Commerce
/2022/04/forter-trust-platform-digital-commerce/
Wed, 27 Apr 2022 12:15:32 +0000

If your organization has a stake in preventing fraud across your digital commerce operations, I’ll venture to say that you want Michael Reitblat and his team at Forter on your side.

As co-founder of the preeminent fraud-detection platform on the market – now available on – Reitblat told me that he has long experience in the “bad guy space,” building a successful career around staying ahead of bad actors. That means he’s the good guy for those making an honest living selling products and services online, and for buyers and shoppers making purchases digitally.

Known as “The Trust Platform” for digital commerce, Forter doesn’t focus on keeping people out, but rather on creating a seamless customer experience for trusted shoppers. How is this done? Machine learning and automated decisioning. Built upon a data set of billions of online identities, the Forter platform instantly provides accurate decisions on whether the end shopper is who they say they are. This ability to provide real-time decisions also streamlines merchant operations, eliminating any dependence on manual transaction reviews. That’s the key to understanding the value of this great app.

The truth is that both online consumers and merchants are victimized by sophisticated, well-organized fraud networks, Reitblat explained, stealing and selling data in a chain of hard-to-detect transactions. To counteract that, merchants can inadvertently block shoppers who most need to purchase online because they fit the “wrong profile” – living in a country known for a high preponderance of fraudsters, for example. Someone might live a long distance from a physical retailer and be unable to buy essential items online, through no fault of their own. “We are here to give those buyers access, and that is a great source of pride,” he remarked. Further, if a consumer faces hurdles to online purchasing because of clumsy verification processes, they’ll just shop somewhere else. It is therefore crucial to eliminate false declines and reduce friction throughout the purchase journey.

Foiling Scams through a Circle of Trust

It’s somewhat ironic that the best way to thwart fraud is to operate in an environment of trust. In fact, trust among competitors is at the heart of Forter Fraud Protection. Criminals will target one type of company – a shoe manufacturer, for example – and, when detected, move on to exploit the next, giving them the advantage. “We reverse that asymmetry,” Reitblat said. “If you attack one of our customers, the others are immunized, thanks to an aggregated global network of data. They would never share their data with each other, but they are happy to do it through us.” Simply put, the Forter solution is built to recognize people through their data profile and authenticate them quickly and automatically.

I asked Reitblat about credit card protection. When a consumer reports a fraudulent charge, he replied, the onus is on the retailer, who is left with the expense and is subject to fines or suspension by the credit card issuers if there are too many instances. I was also curious about how Forter stays in front of the fraudsters. Let’s just say that Reitblat, who grew up in Israel and was once a member of the intelligence community there, has his people. “Detecting security breaches, theft, the dark economy – it’s the same world,” he said. “We have an active research team staying on top of these constantly evolving threats.”

Strength in Numbers

Reitblat co-founded Forter after working with a cybersecurity company that went through an acquisition – a crushing blow for him. Fortunately, he had reunited with an old high school friend from Jerusalem who also recognized that online commerce was about to take off. “In 2013, we still had to convince investors of the need for an authentication capability, and that it had to be fully automated or otherwise would require too many people to be scalable.” That resistance changed quickly, and today Forter is larger than many of its major customers, processing more than US$250 billion in transaction value per year and employing 500 professionals around the world. The solution is deployed in more than 30 countries.

The have resulted in a burst of demand that Reitblat and his partner could not have foreseen. Besides the explosion in online shopping, purchasing behavior and customer demographics across industries changed. New retail features appeared, like curbside pickup, buy online/pick up in store (BOPIS), and contactless check-in and check-out in the hospitality industry. New online buyers included senior citizens, students, and those in advancing geographies who had never transacted online before. Additionally, with the sudden surge of orders to be delivered to alternate addresses – holiday gifts, for example, or people purchasing for family members – e-commerce systems had an extra challenge in verifying legitimacy. That process was less complex for Forter customers because its customers were already authenticated in the system.

Forter Fraud Protection is tightly integrated with SAP Commerce Cloud. Laura Jorgens, director of Partnerships for Forter, acknowledged SAP partner for its “incredible support” in building out the integration. “Working with SAP and Netconomy feels like one ecosystem pulling together,” she said. “Hats off to the SAP partnership organization.” With the inclusion of Forter’s solution on SAP Store, she added, “SAP has become one of Forter’s most important partners.”

Why not see for yourself how works? The solution was just an SAP Pinnacle Award finalist in the New App of the Year on SAP Store category. It’s available for download on . Or download the SAP and Forter .


Rajiv Nema is senior director of SAP Store Partner Solutions.

Preventing Cybercrime with a Solid Security Culture
/2022/03/preventing-cybercrime-solid-security-culture/ Mon, 14 Mar 2022 11:15:51 +0000

Cybercrime is not inevitable. With a , meaning a rigorous, people-first risk management strategy, organizations can muster the vigilance to head off threats.

In the wake of vulnerabilities, massive breaches like , and the during the 2021 holiday season, organizations are changing up security strategies to mitigate damages that are predicted to total US$10.5 trillion annually by 2025.

Security Cultures Prioritize New Business Practices

As every company becomes technology-driven, risks are escalating, pushing security much closer to the top of business priorities. researchers said that by 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest, and political instabilities. Meanwhile, security cultures will have changed numerous business practices. By next year, analysts said that 80% of organizations faced with complex global regulations will increase security compliance automation investments by 25% to consistently meet policies and regulations. In the same time frame, IDC predicted 25% of G2000 public cloud customers will subscribe to integrated risk management and cyber-insurance policies through shared fate/risk programs to protect against sophisticated cyberattacks.

Make Security a Company-Wide Responsibility

Security and risk leaders who responded to a recent Gartner ranked the Internet of Things (IoT) and cyber-physical systems as their top concerns for the next three to five years. analysts predicted that by 2023, 75% of organizations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from less than 15% today.

In a world where just about every organization is in the computer industry, embedded secure practices across the organization are table stakes. For example, SAP follows the NIST (National Institute of Technology in North America) cybersecurity framework, a holistic security strategy based on repeatable processes. This approach harmonizes controlled security company-wide, including product development and operations.

“Security has always been our number one concern,” said Tim McKnight, executive vice president and chief security officer at SAP. “With the acceleration of digitalization, organizations have embarked on a massive cloud-based computing transformation that extends to security. We’ve undergone a multi-year security transformation backed by the commitment of our Executive Board and real-time input from customers.”

A security culture comes down to a shared vision that’s carried out by leaders who make security a priority and teams who participate in ongoing trainings that celebrate success and learn from failures. People in any sector can take a page out of the software applications industry playbook.

“We’ve set cybersecurity goals for all of our executives,” said McKnight. “We present these measures to the Board on a regular basis, reviewing progress against security initiatives. With open conversations around security, we reinforce priorities while driving accountability from each department. Whether you’re an executive, team lead, or individual contributor, you need to understand your role in driving a security culture with a security-first mentality. After all, the vast majority of security incidents are the result of human error.”

Don’t Let Other Business Demands Supersede Security Resources

While just-in-time supply chains boost business agility in a post-pandemic environment, having more partners also increases risk. researchers predicted that 60% of security incidents will involve third parties in 2022. Maybe that’s why researchers said that by next year, 55% of organizations will allocate half of their security budgets to cross-technology ecosystems and platforms designed for rapid consumption and unified security capabilities to drive agile innovation.

Companies need to allocate sufficient resources to prioritize security across the entire product life cycle, from development through go-live and support. With intelligent capabilities from artificial intelligence (AI), machine learning, robotic process automation (RPA), and other technologies, products and services increasingly require advanced security measures.

“An effective culture makes security everyone’s responsibility,” said Wiebke Thelo, senior vice president and head of SAP Quality, Application Security, and Production. “For example, business information security officers at SAP report directly into business unit leaders. They work together, making sure that security is embedded into product design, development, and operation.”

Educate Employees Now for a Trusted Future

research showed that close to 25% of organizations report ransomware infections weekly. Human judgment is core to preventing these incidents. However, analysts warned about the “security brain drain” as one in 10 experienced professionals have exited the industry during the past year. These analysts advised security executives to address burnout and team culture problems and use succession planning to build a pipeline of security leaders.


“A security culture requires significant learning and development, which is why we’ve professionalized security,” said McKnight. “The human element is critical – we position people first, process second, and technology third. We start with our people and make sure they have the skills they need.”

As remote working, just-in-time supply chains, and tech innovations continue, companies have to think and act faster than the criminals. There’s never a good time for a cyberattack. Just ask the people who suffered through the cream cheese shortage. Criminals don’t take holidays and a security culture is the best protection.


Follow me @smgaler

SAP Teams Up with HBCUs to Attract Talent to the Cybersecurity Curriculum
/2022/02/sap-teams-with-hbcus-next-generation-cybersecurity/ Tue, 22 Feb 2022 15:00:58 +0000

WALLDORF — SAP continues to work toward closing the skills gap in cybersecurity.

WALLDORF — (NYSE: SAP) today shared plans to sponsor several historically black colleges and universities (HBCUs) starting with and those of the – , , the and .

SAP’s announcement of these new sponsorships is part of a bigger effort by the company to foster the next generation of cybersecurity professionals.

SAP will fund university research, providing professional internships and co-op opportunities, including mentorships, experiential learning and job opportunities for students. By sponsoring HBCUs, SAP aims to bring a more diverse talent base to the cybersecurity industry as well as provide guidance on ways to enrich these universities’ cybersecurity curriculums.

“Through SAP’s investment in universities, students will gain access to mentorship, experiential learning and job opportunities,” said Tim McKnight, Chief Security Officer, SAP. “These collaborations benefit SAP, but also the entire cybersecurity industry as SAP is doing its part to help close the skills gap in cybersecurity while reinforcing its commitment to advancing diversity in the workforce. We encourage all technology companies around the globe to follow our lead.”

Under this sponsorship, SAP also plans to fund students in underrepresented communities so they can attend the universities’ high school programs focused on computer science and cybersecurity. The funding will cover tuition, books, instructional support, and room and board. At the conclusion of the high school programs, selected students will be introduced to a computer science curriculum, including computer information systems and cybersecurity, in preparation for a career in cybersecurity.

SAP’s Chief Trust Officer, Elena Kvochko, noted how important it is for SAP to invest in diverse talent early to remain at the forefront of innovation and provide new opportunities for Black talent. She stated that supporting young people is critical for the success of the industry overall and emphasized the need for shared responsibility to invest in these individuals, so as to prepare them for careers in cybersecurity.

SAP is committed to promoting diverse talent and developing early talent in the cybersecurity sector.

Visit the . Follow SAP on Twitter at .

Media Contact:
Mary Lasher, +1 (650) 421-6048, mary.lasher@sap.com, PT
SAP Press Room; press@sap.com

This document contains forward-looking statements, which are predictions, projections, or other statements about future events. These statements are based on current expectations, forecasts, and assumptions that are subject to risks and uncertainties that could cause actual results and outcomes to materially differ. Additional information regarding these risks and uncertainties may be found in our filings with the Securities and Exchange Commission, including but not limited to the risk factors section of SAP’s 2020 Annual Report on Form 20-F.
© 2022 SAP SE. All rights reserved.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries. Please see for additional trademark information and notices.

SAP and Yale University’s Jackson Institute for Global Affairs Collaborate to Empower the Next Generation of Cybersecurity Professionals
/2022/01/sap-and-yale-university-collaborate-cybersecurity-professionals/ Mon, 31 Jan 2022 15:00:51 +0000

WALLDORF — SAP and Yale will foster early cybersecurity talent and promote diversity in the field.

WALLDORF — (NYSE: SAP) today announced a new agreement with Yale University’s Jackson Institute for Global Affairs to foster early cybersecurity talent and promote diversity in the field.

The relationship will see SAP sponsor the , a collaboration between Yale Law School’s Center for Global Legal Challenges, the Jackson Institute for Global Affairs and the Department of Computer Science, which aims to prepare next-generation technologists to address the most pressing issues in the cybersecurity sector.

SAP’s sponsorship will include scholarships, funding for diverse groups of students, educational materials, professional mentorship and access to jobs and internships for students aiming to pursue careers in cybersecurity, while also strengthening collaboration between the business and academic communities.

Additionally, SAP will live-stream the Yale Cyber Leadership Forum sessions to the public, for the first time making it possible to view and participate in its educational events and discussions.

“Greater workforce diversity is synonymous with innovation, creativity and a more secure enterprise landscape,” said Tim McKnight, EVP and Chief Security Officer of SAP. “By opening cybersecurity conversations and learning opportunities to a broader audience, we aim to foster a new generation of diverse talent.”

Yale University’s Ted Wittenstein, Executive Director of the Jackson Institute’s new , which examines how artificial intelligence has the potential to alter the fundamental building blocks of world affairs, noted that this new relationship will enable expanded student and public participation as well as help strengthen cybersecurity collaboration among the business and academic communities.

SAP’s Chief Trust Officer, Elena Kvochko, pointed out that by offering SAP’s vast technology network to broadcast Forum sessions, the company will help reach a broad array of audiences, including opening the Yale platform to underserved populations and providing opportunities for individuals to participate, learn and prepare for careers in cybersecurity.

SAP brings security experts to the Forum’s extensive network of attorneys, technologists, entrepreneurs and policymakers, and will provide coaching and early career mentorship opportunities for students.

SAP is committed to promoting diverse talent and developing early talent in the cybersecurity sector.

Visit the . Follow SAP on Twitter at .

Media Contact:
Mary Lasher, +1 (650) 421-6048, mary.lasher@sap.com, ET
SAP Press Room; press@sap.com


SAP Launches Real-Time Cloud-Based Enterprise Threat Detection Solution for SAP Applications as Managed Service
/2021/07/sap-enterprise-threat-detection-cloud-based-managed-service/ Thu, 15 Jul 2021 12:15:53 +0000

The significant increase in cyber threats around the world — exacerbated by the COVID-19 pandemic in 2020 — has intensified the need for organizations to go beyond preventive measures. Higher standards around real-time monitoring, threat detection, and rapid response are required to safeguard businesses.

This is why SAP is releasing SAP Enterprise Threat Detection, a real-time cloud-based tailored for SAP applications and delivered as a 100% managed service by SAP on SAP Business Technology Platform. This cloud offering uniquely combines leading software with 24/7 SAP managed security services by SAP experts.

The solution and service aim to support companies in detecting cyber-attacks in real time by continuously collecting, correlating, and analyzing anomalous and suspicious events across the SAP system landscape before serious damage occurs.

Why Is SAP Releasing This Service for Customers Now?

Many companies are currently switching to the cloud or to SAP S/4HANA. This transformation is an opportunity to enhance companies’ security measures and to protect such investments. Security is no longer a trivial subject and therefore cannot be neglected. Failing to make it a top priority means taking high risks and possibly facing hefty consequences when audited.

Cyber-attacks against businesses are in the news weekly. However, little technical detail is shared about the layers of the IT landscape being attacked. Since SAP applications often contain the most valuable data and run the most critical business processes across the enterprise, they are increasingly becoming a target for external and internal fraudsters.

Attacks can have serious consequences, such as loss of trust and intellectual property, huge fines, business interruption, revenue leakage, misstatement of financial records, among many other damages.

While general security teams guard the walls, perpetrators — internals or externals — are making their way to the companies’ crown jewels through the application layer’s backdoors.

What Is the Objective of the Cloud Edition of SAP Enterprise Threat Detection?

The logic and the structure of enterprise resource planning (ERP) systems are very different from the ones on the network or operating system layer. SAP applications have been developed to support end-to-end processes, so there is a huge number of controls that must be managed and monitored.

Imagine the ERP system as an office building in a city (the internet) with thousands of criminals. All windows and doors are locked and bolted. Are we 100% sure that we are safe? Unfortunately not, because:

  • Thieves and perpetrators always find new ways to break in and this is not going to stop. It is a continuous act of offense and defense from the attacker and the defender improving their methods and strategies to succeed.
  • The best lock is futile if (internal) attackers are already in the house. More so, an alarm system will not necessarily protect your home if it fails to activate. Hence, there is a high exposure to risk.

In both scenarios, the objective is to detect such cases in real time to raise alerts faster with SAP customers, leveraging the managed service of SAP Enterprise Threat Detection, cloud edition.

24/7 Monitoring as a Managed Service

The managed service for SAP Enterprise Threat Detection includes monitoring of customers’ entire ERP landscape 24/7 by SAP experts, and risk-based, prioritized alerting. In addition, a monthly report is issued summarizing all suspicious activities detected as well as the details of how they were carried out.

While this offers effective protection that covers most auditors’ requirements, some companies may want additional support and flexibility. The extended version provides companies the option for extended services and enhanced service level agreements, such as prompt reaction to abnormalities and/or forensic analysis over a specified number of months, and more flexibility in creating and updating detection rules.

“Security is a top priority for SAP. We know some of our customers don’t have in-house security operations centers to monitor and protect their mission-critical applications from ever-growing cybersecurity threats,” said Thomas Ruhl, head of Product Management for Customer Innovation and Maintenance at SAP. “That’s why we released SAP Enterprise Threat Detection, cloud edition: a solution that bundles powerful software and a managed service by SAP security experts to defend against cyber-attacks and safeguard their business.”

Customers interested in learning more can contact their SAP Account Executive to organize a session to better understand the complete offering or email CIM_Communications@sap.com.

It’s Time to Take the Ransomware Threat to Business-Critical SAP Applications More Seriously
/2021/07/ransomware-threats-sap-onapsis/ Fri, 02 Jul 2021 13:15:49 +0000

Almost every day, we see yet another case of ransomware. While historically, companies of all sizes are targeted, recently it appears that all the news revolves around debilitating attacks on mission-critical or business-critical systems of large enterprises — from fuel and energy companies to food processing companies.

It’s not that these enterprises haven’t taken steps to protect these assets; it’s just that the “traditional” way of preparing for and responding to ransomware simply won’t work anymore.

So what’s needed to protect your organization’s business-critical applications from the looming threat of ransomware? That’s exactly what SAP and Onapsis seek to address here.

When most people think about ransomware, there are two immediate, “traditional” solutions that come to mind: backups and endpoint security. Both are critical components of a solid security program, without a doubt. However, their presence could lull organizations into a false sense of security, as there still remain gaps, especially related to business-critical systems that are connected in more ways than ever before.

The challenge is that many enterprises realize too late that, in preparation for a ransomware attack, you need to close all the doors and windows of your house — not just the front door of endpoint protection. When thinking about ransomware attack vectors, it’s imperative to consider all potential entry points into the business-critical environment and how to secure them. To continue this metaphor, this also includes evaluating your neighbors and how they get into your house too.

When you think about all of these vectors, you slowly realize that this challenge goes way beyond just endpoint security and backups. It requires a more holistic look at securing your business-critical applications, including — yes — things that we would classify as “good security hygiene.”

In a recent , we demonstrated that threat actors clearly have the means, the motivation, and the expertise to identify and exploit unprotected mission-critical applications, and are, in fact, actively doing so.

As an example, a massive, publicly traded company was recently subjected to a ransomware attack on its enterprise resource planning (ERP) application data. Did they have backups? Yes: the backup was refreshed once a week. However, operations halted anyway. When this happens, even with backups in place, it could still take hours or even days to restore from a backup, and the negative impact on the business and the financial losses are high regardless. Did they have endpoint security? Yes; however, the attackers bypassed the endpoint detection and response (EDR) software by accessing the data through the application. EDR is great for identifying activities on compromised assets and allowing the containment and collection of artifacts, such as process trees, files created by malware, but the application level still poses a challenge. And these attackers used that application layer, which was not monitored by the tool itself, to compromise the business-critical assets.

Vulnerabilities such as 10KBLAZE, PayDay, and RECON allow threat actors to take full control of applications through the application layer itself. These threat actors go straight to the application, and, once in, go down to the operating system level there. When you consider CIO digital transformation initiatives or the rapid adjustment to remote work due to the COVID-19 pandemic, there is a significant magnification of risk. Onapsis has observed that new, unprotected SAP applications provisioned in IaaS environments were discovered by threat actors and attacked in less than three hours, with more than 400 successful exploitations observed as of the date of this publication.

Ultimately, what’s needed then is a new model to defend against ransomware, one that goes beyond the scope of just protecting endpoints, backing up files, and hoping for the best. claims that organizations should “[i]mplement a risk-based vulnerability management process that includes threat intelligence. Ransomware often relies on unpatched systems to allow lateral movement. This should be a continuous process. The risk associated with vulnerabilities changes as these vulnerabilities are exploited by attackers.” We couldn’t agree more.

What’s needed is a renewed commitment to some key security fundamentals:

  1. Security Hardening of Business-Critical Applications
  2. Timely Patch Management
  3. Point-in-Time Vulnerability Assessments
  4. Continuous Monitoring of Vulnerabilities and Threats to Your Business-Critical Applications
  5. Securing Your Custom Code in Business-Critical Applications
  6. A Commitment to Control and Governance

SAP is committed to continuously innovating our software to keep your information safe — both on premise and in the cloud. We prioritize security so that you can stay focused on running your business and managing your customer relationships effectively using SAP solutions, safe in the knowledge that your data is secured. To protect clients from ransomware attacks, securing development infrastructure, such as the build and deploy chain, is of utmost importance to prevent the manipulation of shipment artifacts.

As part of our commitment to clients, SAP follows a secure software development and operations lifecycle to identify and mitigate all kinds of security weaknesses and vulnerabilities during the development of products and services. Through the use of risk identification techniques such as the SAP threat modeling method and secure development trainings, SAP enables development teams to eliminate potential entry points for ransomware and other kinds of attacks. It also ensures that basic security principles, such as that of least privilege, are part of the DNA of SAP developers.

SAP continues to harden our systems with automated static code analysis, vulnerability scans, and validation from a dedicated, independent SAP internal security team. SAP’s software development lifecycle serves as an example to clients on how to support a DevSecOps model covering development and operations aspects for continuous and secure delivery of software.

When deploying and running SAP applications, it is imperative that organizations focus on hardening their system to minimize the overall attack surface — for example, ensuring the proper setting of system parameters and other aspects of system configuration, including the activation of security features and functionalities. It is important that the proper configuration settings are in place to protect an organization against possible security vulnerabilities.

SAP provides key features such as the SAP EarlyWatch Alert service, which monitors the essential administrative areas of SAP components to keep organizations up to date on performance and stability as well as the SAP Security Optimization service, which verifies and improves the security by identifying potential security issues related to your SAP solution and providing key recommendations.

As threat actors continue to devise new modes of attack and vulnerabilities to these attacks are identified, SAP continuously provides security updates for existing code to keep your systems secure. SAP delivers these security updates through support packages, and, on the second Tuesday of every month, as part of “Security Patch Day,” SAP publishes security notes with the latest security corrections and recommendations. As noted, implementing a security maintenance process to assess and implement recommended security updates is a proven best practice for mitigating risk.

Onapsis has focused on protecting business-critical applications since 2009. We target the application layer with our Onapsis platform and serve an essential part of our clients’ plans to protect their business-critical SAP applications from ransomware attacks.

  • By providing automatic visibility into critical vulnerabilities, missing important patches and security updates, misconfigurations, and insecure interfaces, Onapsis identifies all the open doors. This is a crucial component in any ransomware prevention initiative. Once the entry points are identified, they can be closed, thereby reducing the attack surface that may lead to ransomware.
  • Through continuous monitoring and real-time alerts for threat indicators, Onapsis helps monitor real-time attempts to access critical systems through any remaining open doors. Win precious time to prevent threat actors from gaining further access.
  • With code analysis in real time, prior to moving into production, and in transport, Onapsis can help identify foreign code, such as malware, or new vulnerabilities before they get released to the public. Code vulnerabilities may appear to be a minor attack vector, until they’re not, such as in the case of the SolarWinds attack. In Onapsis’ experience, we generally see one critical vulnerability per 1,000 lines of code, but our clients generally have millions of lines of custom code. It’s important to close those thousands of open doors to prevent any access to business-critical systems.

It’s time to think differently about ransomware. We’re in the middle of a perfect storm, with more unprotected SAP applications and remote workers than ever before, expert threat actors who have the expertise to attack these systems, hyperconnected business-critical systems across the cloud, and strained InfoSec teams that may have fallen behind in patching and vulnerability management. Ransomware is the final step of an attack that could utilize a myriad of attack vectors to directly access your business-critical applications.

Organizations should leverage the powerful native security capabilities of SAP, establish the right risk-based patch, code, and vulnerability management processes, and take advantage of the optimized tools and critical threat intelligence from Onapsis. If they do so, organizations can drastically reduce their risk profiles, stay a step ahead of ransomware groups, and ultimately keep their names out of the news.


Tim McKnight is CSO of SAP.
Richard Puckett is CISO of SAP.
Mariano Nunez is CEO of Onapsis.

Additional contributors to this content include: Elena Kvochko, Imran Islam, Oliver Meli, Vic Chung, and Robert Lorch from SAP, as well as David D’Aprile, Maaya Alagappan, and Tess Cunard from Onapsis.

SAP and Columbia University School of International and Public Affairs Join to Improve Diversity in Cybersecurity /2021/06/diversity-in-cybersecurity-sap-columbia-university-sipa/ Wed, 30 Jun 2021 13:00:47 +0000 /?p=185942 WALLDORF — SAP and SIPA will identify and develop early talent in the cybersecurity sector. WALLDORF — (NYSE: SAP) today announced a new relationship with Columbia University School of International and Public Affairs (SIPA) to identify and develop early talent in the cybersecurity sector.

This agreement aims to help improve diversity in the cybersecurity sector by collaborating on a curriculum, providing more internships and early career opportunities, enabling better knowledge transfer between the organizations and encouraging early talent to explore new career opportunities.

“As technology progresses, it is our responsibility in the software industry to devise new ways to protect valuable data, support business operations and secure enterprises of all sizes,” said Tim McKnight, chief security officer, SAP. “This close relationship with Columbia University allows us to identify diverse talent to keep SAP’s customers and products safe while providing students and recent graduates an opportunity to launch a new and exciting career.”

As cyberattacks continue to make headlines, the demand for cybersecurity professionals is increasing.

“While there is a high demand for cybersecurity professionals, there also is a significant gender disparity in the cybersecurity workforce,” said Elena Kvochko, chief trust officer, SAP. “We are hopeful that introducing this career path to students and recent graduates will bring a greater level of diversity to the industry. We believe that diversity will bring new ideas, skills and creativity when solving security challenges.”

SAP plans to lead events on and off campus, contribute to thought leadership programs, host career events and sponsor Capstone workshops – SIPA’s signature consulting projects, which give students the opportunity to work with and advise external clients.

According to Jason Healey, senior research scholar at Columbia SIPA and a pioneer of cyberthreat intelligence, the school is looking forward to the opportunities this relationship will provide for students.

“Due to SAP’s funding, we’re already finding new opportunities to reach out to our diverse student body to let them know about the amazing job prospects in cybersecurity, even for those outside of STEM,” Healey said. “The events, projects, information and first-hand experience our students will have access to will be extremely valuable for their career development.”


Media Contact:
Mary Lasher, +1 (650) 421-6048, mary.lasher@sap.com, ET
SAP Press Room; press@sap.com

Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as “anticipate,” “believe,” “estimate,” “expect,” “forecast,” “intend,” “may,” “plan,” “project,” “predict,” “should” and “will” and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. The factors that could affect SAP’s future financial results are discussed more fully in SAP’s filings with the U.S. Securities and Exchange Commission (“SEC”), including SAP’s most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates.
© 2021 SAP SE. All rights reserved.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries. Please see for additional trademark information and notices.

SAP and Columbia University School of International and Public Affairs Team Up to Attract Female Talent to Cybersecurity /2021/06/sap-columbia-female-talent-in-cybersecurity/ Wed, 30 Jun 2021 13:00:29 +0000 /?p=186375 Worldwide cybercrime costs, according to , will hit US$6 trillion annually this year. At the same time, the U.S. cybersecurity labor market is short half a million workers.

While the shortage in cybersecurity offers great career opportunities, it is not expected to be filled anytime soon. Hardly an organization is not impacted by a cybersecurity skills shortage – but it’s not a field where those willing to enter can become an expert overnight. A mid- to long-term strategy is required.

Security Starts with People

At SAP, security starts with people – professionals who are innovative, curious, tenacious, and driven to find new ways to solve emerging challenges in cybersecurity. According to SAP Chief Security Officer Tim McKnight, a diverse workforce is key to creating a greater mix of ideas to spur innovation. One of the issues in the industry, though, is that only 10% of information security professionals are women.

For SAP’s chief security officer, it is important that his organization achieve gender balance. “It needs to be built into our DNA, with my leadership team as well as throughout the organization,” McKnight stated. For him, it’s one thing to set goals for gender diversity but another matter altogether to build it into the culture of an organization.

“We’re looking for professionals who are driven by our mission: helping the world run better and improve people’s lives,” McKnight added. “A diverse professional background is important in solving the complex problems of cybersecurity.” Accordingly, SAP wants people with a passion for cybersecurity and an analytical mind-set who can think outside of the box, which goes beyond technical skills. For McKnight, women are key to increasing cybersecurity skills within his own team, but also to achieving greater gender parity in the workforce.

SAP and Columbia SIPA Team to Improve Diversity in Cybersecurity, Attract Early Talent

SAP is taking a new route to close the skills gap and the gender gap by forging a new relationship with Columbia University School of International and Public Affairs (SIPA). According to the announcement made by SAP, the goal is to identify and develop early talent and improve diversity in the cybersecurity sector. Specific objectives include collaborating on a curriculum, providing more internships and early career opportunities, enabling better knowledge transfer between the organizations, and encouraging early talent to explore new career opportunities.

“Early engagement is an important factor when it comes to increasing diversity in the workplace,” said Beth Mauro, associate dean of Development at Columbia SIPA. “Ultimately, it benefits both the company and students. The company has the benefit of gaining a diverse workforce and the students have a unique opportunity to enter a high-demand career path with plenty of opportunities for growth.”

SAP will lead events on and off campus, contribute to thought leadership, host career events, and sponsor Capstone workshops – SIPA’s signature consulting projects, which give students the opportunity to work with and advise external clients.

SAP Chief Trust Officer Elena Kvochko observed: “We are hopeful that introducing this career path to students and recent graduates will make this career field more attractive for women.”

For SAP, security and diversity are not just about being compliant and fair but about bringing ideas, skills, and creativity to the organization to find new ways to solve emerging challenges in cybersecurity.

SAP expects to see an increasing demand for a broader scope of professionals, such as incident response specialists, information security engineers, and penetration testers, but also for traditionally nonsecurity roles to incorporate more security-related tasks. This trend is opening doors to many opportunities for transitioning to a career in cybersecurity. SAP is currently seeking to hire 100 security professionals. For more information, see .
