SAP security consulting in Geneva, Switzerland
SAP Security

SAP Security Consulting

We are a Geneva-based cybersecurity consulting firm with a deep specialty in SAP security. Where most security teams stop at the network and the endpoint, we go all the way into the SAP stack (governance, authorizations and the platform itself), because that is where your financial data and your most sensitive processes actually live.

This page is the hub for how we secure SAP. For the wider picture (IT controls, audit, SOC readiness and AI governance), see our full consulting services.

What is SAP security?

SAP security is the set of controls that protect an SAP system from misuse, error and attack. It spans three layers that are often treated separately but have to work together:

  • Access governance: who can do what, and whether those combinations create risk (segregation of duties, critical access, emergency access).
  • Authorizations: the roles and authorization objects that actually grant that access inside SAP.
  • Platform cybersecurity: patching, hardening and monitoring of the SAP system itself (kernel, RFC, gateway, communications, logs).

A gap in any one layer undermines the other two. A clean SoD ruleset means little on an unpatched system with an open gateway; perfectly hardened infrastructure means little if half your users hold SAP_ALL.

Our SAP security scope

SAP GRC & access governance

Segregation of duties (SoD) analysis and remediation, critical access review, SoD ruleset design and benchmarking, and emergency access (Firefighter / EAM) process design. We work with SAP GRC Access Control and with lighter, tool-based approaches where a full GRC deployment is not justified.

Read: SAP Firefighter role design · Implementing SP21 Firefighter changes on GRCPINW V1100

SAP authorizations & role design

Authorization concept design and implementation, role redesign for greenfield and brownfield projects, SU24 and proposal maintenance, and RFC hardening with UCON. We design roles that map to real job functions and stay SoD-clean by construction rather than by exception.

SAP platform cybersecurity

SAP Security Notes and patch management, system hardening (profile parameters, gateway reginfo/secinfo, message server), secure communication (SNC/TLS), and security monitoring with the Security Audit Log. The SAP-specific cyber layer that generic security programs routinely miss.

Read: SAP cybersecurity: hardening the SAP platform

S/4HANA security & migration

Authorization redesign for S/4HANA (business roles, Fiori catalogs, new authorization objects), emergency access readiness, and the security workstream of a migration. A move to S/4HANA is the best opportunity you will get to clean up years of accumulated access debt.

Read: SAP S/4HANA migration guide

Our access-risk tool, MTC Skopos

For access-risk analysis we use our own tool, MTC Skopos: authorization-level SoD and critical-access analysis on SAP, S/4HANA and non-SAP systems. The product and its methodology have a dedicated site at mtcskopos.com.

Why work with us

  • Senior, Swiss-based accountability. You work with people who have designed and audited SAP security for regulated organizations, not a rotating bench of juniors.
  • The whole stack. Governance, authorizations and platform cyber under one roof, no hand-offs between teams that do not speak SAP.
  • Fixed-price where it makes sense. Clear scope, clear price. See our fixed-price packages.
  • Scale when you need it. For large GRC programs and group-wide transformations, we partner with leading global audit, risk and technology consulting firms while keeping the security outcome owned in Switzerland.

We serve organizations in Geneva, Lausanne, Neuchâtel, Fribourg and across Suisse Romande, German-speaking Switzerland, neighboring France and internationally. See our dedicated page on SAP security consulting in Switzerland for the Swiss regulatory context.

View fixed-price packages Talk to an SAP security consultant