The SAP migration question does not have a single right answer in 2026, and three companies reported on by ERP Today this month make that case more clearly than any vendor presentation could.
- Lwart Environmental Solutions in Brazil is extending SAP ECC 6 with third-party support while a major factory expansion takes priority.
- Victrola completed a greenfield migration to SAP Cloud ERP Public Edition, cut P&L reporting time by 94%, and now treats its refreshed data foundation as the basis for its AI strategy.
- Reveal USA is making the case that the value question should be answered before the migration question, and it is putting 100% of its fees at risk to prove it.
Set against June’s SAP patch day updates and the broader security patch analysis, these three postures reflect a market under simultaneous technical, operational, and commercial pressure.
Stabilize, Don’t Migrate: Lwart Environmental Solutions
Lwart Environmental Solutions is a Brazilian oil recycler that processes 240 million liters of used vehicle oil per year across more than half of Brazil’s municipal regions, operating 21 collection centers and roughly 650 heavy-duty vehicles. With 1,100 employees—540 of them mobile workers in the field—and SAP ECC 6 as the operational backbone of the entire collection network, the stakes of any ERP disruption are not theoretical.
As Jefferson Andriotti, Lwart’s head of IT and procurement, put it: “If SAP stops working, the whole oil collection process around the country comes to a halt.”
When Lwart began a factory expansion in 2024 that will add 50% more production capacity, the decision to modernize its ERP system at the same time would have imposed two simultaneous transformation programs on a business where operational continuity is non-negotiable. The team chose instead to extend SAP ECC 6 through Rimini Street, cutting ERP support costs by 50%. That relationship later expanded to VMware support after Broadcom’s acquisition introduced the prospect of a tripling in VMware costs.
What other SAP customers can take from Lwart: Sequencing matters more than speed. Third-party support is a financially viable mechanism for buying time—not indefinitely, but long enough for physical infrastructure investments or operational consolidation to complete before the ERP adds its own disruption overhead.
Innovation did not stop; the IT team built a mobile application for oil collection drivers that removes the need for cash in the field. The core system stayed stable; targeted capability was added around it.
Go Greenfield, Reset the Foundation: Victrola
Victrola, the consumer audio brand operating in a vinyl market that exceeded $1 billion in revenue in 2025 for the first time this century, reached the limits of its SAP ECC environment as it expanded into new sales and distribution channels.
The company chose not to migrate incrementally. Instead, it did a greenfield migration to SAP Cloud ERP Public Edition—no historical data migration, fit-to-standard workshops to eliminate legacy customizations, and a six-month project window deliberately scheduled to avoid the peak Q4 sales period. About 75% of company leaders were involved in the program.
The results were measurable and specific. P&L reporting that previously took four hours now runs in 10 to 15 minutes—a 94% reduction. More than 250 hours of finance-related work was eliminated. And confidence in the data changed the team’s relationship with the system entirely.
“We’re more trusting in our data and that’s because we went through that exercise of really retooling what our landscape looked like,” said Adam Schneider, SVP of Digital Strategy at Victrola. “When we think about our AI strategy, I’m no longer scared of our system.”
Implementation partner Reply was selected for SAP Cloud ERP expertise and fit with Victrola’s culture. The greenfield choice—accepting the loss of historical data in exchange for a clean technical foundation—is the decision most organizations debate longest and execute least. Victrola’s case argues the speed of the subsequent AI and reporting improvements can justify the up-front constraint.
Prove Value Before Transforming: Reveal USA
Reveal USA is taking a different position entirely. Its oVo Rapid Results program targets SAP-run enterprises where the system is live and functional but not performing at the level the business expects.
It calls that operational drift: processes diverge, manual workarounds multiply, spreadsheets take over, and decisions move outside the SAP environment. SAP keeps running; service levels, inventory turns, working capital, and margins absorb the quiet damage.
The commercial model is unusual enough to be worth noting on its own terms. Reveal USA places 100% of its new oVo Rapid Results fees at risk against a guaranteed 8x return within 12 months, or the client’s investment is refunded. No new software is required; the work is done inside existing SAP environments.
Managing Partner Martin Rowan framed the premise bluntly: “For too long, SAP clients have paid for activity and hoped for value.” Reveal reports across its client engagements an average 32% improvement in service levels, a 17% increase in inventory turns, and more than $1.2 billion in released working capital.
The implication for the migration debate? A meaningful number of SAP customers running SAP ECC or SAP S/4HANA live may be sitting on trapped value inside their current systems. Unlocking that value and measuring it before committing to a migration or transformation program gives organizations a more defensible commercial position and a cleaner baseline from which to evaluate whether the migration itself can deliver additional returns.
The Security Patch Context
June’s SAP patch cycle adds a layer of urgency to all three migration stances that cannot be set aside.
SAP’s June 2026 Security Patch Day delivered four critical fixes, including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping vulnerability in SAML authentication for SAP NetWeaver AS ABAP, and CVE-2026-27671, a CVSS 9.8 memory corruption vulnerability in the ABAP kernel triggered by a crafted RFC request from an unauthenticated attacker—for which there is no workaround; only a kernel patch resolves it.
The SAML flaw carries a temporary workaround—disabling SAML authentication—but the permanent fix requires applying SAP-provided corrections or support packages. As Jonathan Stross, Senior Product Manager Cybersecurity R&I at Pathlock, noted in the deeper security analysis, in large estates the SAML flaw “is not an edge case; it is a core authentication control.”
Separately, SAP updated Security Note 3747787 after another malicious npm package was identified in what has been dubbed as the Mini Shai-Hulud software supply chain attack (flagged by SecurityBridge). This affects SAP Cloud Application Programming Model and MTA Build Tool, bringing developer pipeline security inside the enterprise security perimeter.
For organizations on SAP ECC with third-party support, on SAP S/4HANA in the cloud, or on a live system that has not been optimized in years, the same message applies: Trust controls, authentication boundaries, and build tooling are all active attack surfaces right now.
What This Means for ERP Insiders
- The migration decision and the security posture are the same conversation. The June patch cycle’s CVSS 9.9 SAML flaw and CVSS 9.8 unauthenticated ABAP kernel vulnerability apply to every SAP estate regardless of migration status. SAP ECC on third-party support, SAP S/4HANA in the cloud, and live systems that haven’t been optimized in years all share the same authentication attack surface. Choosing when to migrate does not defer the security obligation.
- Sequencing a factory expansion before an ERP migration is a legitimate strategic decision. Lwart’s approach—cutting support costs 50% through Rimini Street while a 50%-capacity factory expansion completes—is a model for any capital-intensive business where operational continuity outranks ERP modernization on the risk register. Third-party support buys time; the question is whether the organization uses that time productively.
- Greenfield migration eliminates legacy debt but requires upfront discipline. Victrola’s 94% P&L reporting reduction and 250+ hours of eliminated finance work came directly from the decision to migrate with no historical data and strip out legacy customizations via fit-to-standard workshops. The clean foundation is what made the AI strategy possible. Organizations that migrate customization-for-customization rarely get those results.
- The “prove value first” argument has a price tag attached. Reveal USA’s 8x guarantee model frames operational drift—processes diverging from SAP, spreadsheets multiplying, decisions moving outside the system—as a pre-migration diagnostic, not just a complaint. The reported $1.2 billion in released working capital across Reveal USA engagements suggests the trapped value in live but underperforming SAP systems is material enough to measure before committing to transformation spend.
- The Mini Shai-Hulud supply chain attack changes the developer pipeline risk calculus. The malicious npm package in SAP Cloud Application Programming Model and MTA Build Tool, flagged by SecurityBridge and covered in Security Note 3747787, means developer environments, build pipelines, and package managers are now inside the enterprise security perimeter, not just the production ERP. Any organization with active SAP development or customization work needs to treat the build toolchain as a compliance scope item, not just an IT concern.
