NTT DATA Business Solutions has partnered with Pathlock to deliver managed SAP cybersecurity services worldwide, bringing continuous monitoring, detection, response, and governance support into SAP environments.
The global service, announced on June 16, combines NTT DATA Business Solutions’ managed services and Security Operations Center capabilities with Pathlock’s Cybersecurity Application Controls software. That gives enterprises a managed model for protecting SAP systems without relying entirely on internal SAP security specialists.
The offering targets a persistent gap in enterprise cybersecurity. Many organizations have invested heavily in cloud, endpoint, and network security, while SAP environments often remain harder to monitor because risks sit inside business transactions, access rights, custom code, system transports, and sensitive workflows.
For ERP leaders, that makes SAP security an operational resilience issue. Finance, procurement, supply chain, payroll, and order management processes often run through SAP, so unauthorized access, fraud, misconfiguration, or business process manipulation can quickly become a business disruption.
SAP Security and the Managed SOC Model
NTT DATA Business Solutions reportedly will deliver the service through its Security Operations Center network, while Pathlock provides the application-layer controls and automation.
The service covers SAP vulnerability management, threat detection and response, code scanning, transport control, and dynamic access controls. Pathlock said the offering is designed to provide faster detection and response to SAP-specific threats and suspicious activity, while improving governance, compliance, and risk visibility across SAP environments.
That application-layer focus separates the partnership from broader managed cyber services. Standard security operations often monitor infrastructure, endpoints, and network behavior. SAP security also requires visibility into who can execute sensitive transactions, which code changes are moving through the landscape, how transports are controlled, and whether user activity points to fraud or misuse.
“SAP systems remain one of the most underprotected layers in enterprise cybersecurity,” said Damon Tompkins, CEO of Pathlock. “By partnering with NTT DATA Business Solutions, we are making advanced SAP cybersecurity operations accessible at global scale.”
Analysis
What this means: ERP security has to follow the transaction. SAP environments carry financial, procurement, supply chain, payroll, and operational processes that cannot be fully protected by infrastructure monitoring alone. ERP leaders need controls that understand access, code, transports, and business-process execution inside the application layer.
Automation and the SAP Security Skills Gap
The partnership also responds to a workforce problem.
Pathlock said many enterprises struggle to maintain the specialist resources needed to continuously monitor complex SAP landscapes. That gap becomes more serious when incidents occur outside normal business hours and no SAP security expert is available to respond.
Jonathan Stross, Senior Product Manager, Cybersecurity R&I at Pathlock, said critical incidents do not wait for business hours. The managed service is designed to close that response gap by combining NTT DATA Business Solutions’ Security Operations Center capabilities with Pathlock’s SAP-focused controls.
The service is powered by Pathlock Nexus, which Pathlock describes as an AI-native platform that unifies identity, governance, assurance, and security for ERP and business-critical applications. In this partnership, that means security teams can monitor identities, access, transactions, and controls inside SAP rather than treating SAP as just another system behind the firewall.
Analysis
What this means: Managed services can close the SAP security capacity gap. NTT DATA Business Solutions and Pathlock are targeting the shortage of specialists who can monitor SAP environments continuously and respond when incidents occur. For enterprise teams, the lesson is ERP security operating models must account for 24/7 coverage, automation, escalation, and application expertise.
Sponsor Industry‑Grade Research
ERP Security and Business Process Control
The partnership points to a broader shift in ERP cybersecurity.
SAP risk often lives at the transaction layer, where access decisions, process permissions, and configuration choices determine who can approve payments, change suppliers, move code, release transports, or manipulate business records. That makes SAP cyber defense closely tied to governance, risk, compliance, and fraud prevention.
Claus Tscherner, Head of Global Business Managed Services Product Management at NTT DATA Business Solutions, said SAP ERP sits at the heart of customers’ business processes and requires deep application expertise and continuous support.
For customers, the practical value is not only 24/7 monitoring. It is a more governed way to secure the business activities running inside SAP. As ERP landscapes grow more interconnected through cloud, APIs, automation, and AI-enabled workflows, the ability to monitor application-level behavior will become more important to keeping daily operations secure.
Analysis
What this means: Application-layer cyber defense strengthens operational resilience. SAP disruptions can affect payments, suppliers, inventory, production, and compliance reporting, making ERP cybersecurity a business continuity issue. Organizations should treat SAP threat monitoring, identity governance, transaction control, and vulnerability management as part of core resilience planning, not as a separate technical workstream.
