Noted security guru Bruce Schneier has long made the following observation: If it’s in the news, you don’t have to worry about it. The media obsesses over the one-offs. While a small number of tragic deaths around vaping were covered relentlessly in the media, exponentially more people died in DUI-related accidents, but the media didn’t cover that.

In the world of information security, Windows gets all the media coverage. And that is precisely the point Alexander Polyakov addresses in SAP Cybersecurity for CISO (ERPscan 978-1980531043). SAP is found in a majority of the Fortune 500 and is often a critical element that keeps them operating.

Yet far too many firms don’t consider the security implications of SAP. The importance of this can’t be overemphasized, given that the E in ERP stands for Enterprise. And any vulnerabilities or security misconfigurations in SAP will affect the entire organization and supply chain.

Most of the SAP security guides are thousands of pages long. At 275 pages, this book is meant, as the title indicates, to be a high-level guide for CXOs, so they can understand what needs to be done by their direct reports.

SAP is a massive application, actually a monstrosity. With over 70 acquisitions, it is simply a monster of a program that needs to be tamed. The book does an excellent job of showing the jobs that need to be done.

Polyakov is not a native English speaker, and the writing in the book is a bit rough around the edges at times. But that is easily forgiven, given the importance of the topic and the dearth of useful resources on it.


For those whose responsibilities include SAP and SAP security, this is a book that should be read. After it has been read, it is crucial that there be adequate staff empowered to make the necessary changes to ensure that SAP security is done correctly.