SAP Security & Compliance: “Customers need Solution Providers.”

SAST SOLUTIONS from AKQUINET honored with Softshell Vendor Award in GoldStarted with two modules in 2006, the SAST SOLUTIONS portfolio now comprises a comprehensive combination of software, consulting and service, and offers a holistic solution for safeguarding SAP systems. In this interview, Managing Director Bodo Kahl talks about the topics that concern himself as well as the entire industry, and describes the qualities that characterize a good service provider for SAP security and compliance today.

A lot has happened since 2006: New products and innovative development in the SAP environment, a continuously changing industry, an increasing shortage of skilled personnel and a growing threat of unauthorized access to valuable data in SAP systems. This makes it even more important for companies to be able to rely on external support. This is based on experience, expertise and software that adapts to individual customer needs.

As an established service provider in German-speaking countries, akquinet AG was recently awarded the golden Softshell Vendor Award for SAST SOLUTIONS (link to the press release) – as one of a total of three percent of all providers analyzed. Aspects that were evaluated included long-term business planning and continuous contact with customers. That is reason enough to ask Bodo Kahl, CEO of SAST SOLUTIONS at akquinet AG, for more detailed information.

Bodo Kahl, winning awards is always a cause for joy. What makes this award special for you?

Bodo Kahl from SAST SOLUTIONSI was very pleased to receive this information about winning the award. It not only recognizes a single product from our portfolio, but also the company and its position in the German-speaking market itself. We gladly make it our motto: to be a company that is established in the market and meets customer needs. We received the award for years of hard work, and that makes us proud.

What currently distinguishes a leading SAP security provider?

Leading SAP security providers take a holistic approach that includes all the components needed to secure SAP systems. This includes SAP Basis as well as the connected applications and processes. Customers also need a partner who looks beyond the immediate horizons, knows the current changes and simultaneously takes innovative developments into account.

Where do you see yourself in this role?

We see ourselves as a solution provider. What makes us special is that we provide both the software and the services, and we ultimately implement 90 percent of the projects ourselves. As part of these projects, we develop methods and procedures that work in conjunction with our software. This enables us to work faster and more efficiently. This is a rare combination, and it provides us with a good starting position to actively provide assistance and advice at precisely the point where this is needed.

Where do you see the greatest need among those in positions of responsibility?

Apart from the challenges associated with S/4HANA, SAP Cloud or an increased number of attacks by hackers, I see the internal lack of resources and specialists to be the major pain points in IT departments. For this reason, I believe that the greatest need at the moment is for a partner who can provide both rapid and effective support, yet also provide long-term assistance.

And that is where SAST comes in?

Exactly. We step in when the customer is unable to make any progress, and we start the process for comprehensive protection of the SAP systems. Our customers end up saving time as well as money. Studies repeatedly show that a single successful attack is enough to cause damage running into the millions. The saying is true: It’s never too late to take precautions. We can achieve immediate results that work by means of preconfigured standards. An audit, for example, can show us within a few hours where the shoe pinches. This also helps as a basis for reasoning in order to internally justify the necessity of such measures.

You mentioned S/4HANA: What advice would you offer SAP security experts regarding the changeover?

I was truly shocked by the number of people who are not currently worried about SAP security as part of their S/4HANA migration – according to the “IT-Onlinemagazin” [website], that is over a quarter of all persons who are responsible. In my opinion, this is gross negligence because none of the security measures in ERP systems can be simply transferred to S/4HANA. I therefore recommend incorporating two different approaches into strategic planning: Clean up now and draw up a comprehensive security concept from the very start. Our software runs on all systems, is certified by SAP and thus offers the opportunity to be secure now and, this is especially crucial, above all to remain secure in the future.

You received the Softshell Vendor Award for long-term business planning, among other things: What does this mean for SAST SOLUTIONS?

Above all, this means not giving trends priority over daily operations. Following innovations, absorbing ideas and comparing our own solutions with long-term trends is – without question – a must in our industry. Nevertheless, we also believe that it is important not to throw everything overboard in order to follow every trend. That is why we pay particular attention to ensuring that the standards are correct, and we first concentrate on what our customers need now.

A positive effect, of course, is that solutions that can generally be characterized as trendy often emerge simultaneously. A few years ago, for example, the topic of real time arose from a challenge faced by a customer. We worked together on a solution to display critical events within a few seconds. Today, real-time monitoring in the area of SAP security and compliance is indispensable.

Does this mean that you specifically develop products together with your customers?

Whatever the case, we are very interested in testing solutions directly with customers. At the end of the day, all of the theory is of no use if we develop offers that are out of touch with the times. This is why we integrate the customer’s ideas into our developments. In some cases, the customer requirements are even decisive for the development of a new product or feature. This was also recently the case in the area of code management as well as with the self-adjusting authorizations, where we worked closely with customers.

That is why it is important for us to have long-term partnerships with our customers. Only if we know our customers and their SAP security & compliance requirements, we are able to offer them tailor-made solutions with a long service life, thereby having a positive effect on our business planning.

The award is specifically given for the German-speaking market. You are also active worldwide. Do you notice any differences between the German and international markets?

The tasks facing customers in the German-speaking market also exist internationally. The challenges in IT departments are global and not specific to a particular industry, and the requirements for SAP security & compliance are the same.

For us, this means: What works in Germany also works worldwide. Thanks to our international partner network, we are represented in many different markets – including the USA, Scandinavia as well as Poland – and our direct contacts allow us to keep our finger on the pulse of the time. This has the advantage of being able to incorporate a variety of attitudes and try out cross-market ideas. Looking outside the box is a clear competitive advantage today.

What has happened in the SAP security & compliance environment since the start of SAST SOLUTIONS?

Even though the playing field of SAP security & compliance remains quite manageable, competition has certainly increased. The topic appears to be moving higher and higher on the agenda of companies using SAP, and providers are realizing that there is something to be done there. I don’t want to conjure up the image of a shark tank here – we are still a long way from that. Nevertheless, we increasingly have to deal with new players. At the same time, we are seeing consolidation in the market. Companies are merging or being taken over in order to achieve a stronger market position. Notwithstanding this, we still operate in a niche market – and positioning ourselves in this field is both challenging and exciting.

How is your portfolio positioned in this competition? What is important to you?

Before I go into the portfolio, I would like to start by pointing out that we are building upon a strong foundation. In fact, we operate as an independent, owner-managed business with a strong parent company behind us. AKQUINET is the largest independent, owner-managed IT company in the German-speaking world. That is worth a lot.

SAST SOLUTIONS acts as a solution provider within this structure. This means that we offer modular software and sound advice from a single source. Booked as a managed service, executives can focus on their day-to-day business while we handle the protection of their SAP systems. Our customers can order an all-around worry-free package that also meets their exact requirements. It is important to us to recognize the individual challenges of each customer and to manage these cooperatively as partners. Long-term business relationships together with open and ongoing communication help us to achieve this.

What is your recommendation for selecting a suitable partner for securing SAP landscapes? Which criteria should companies consider?

As I see it, there are four key aspects to choosing an SAP security & compliance expert:

  • Does the provider present a holistic view of SAP security & compliance?
    Even the smallest gap in the system or an incorrectly configured role is enough to cause significant security risks.
  • Does the service provider have an opportunity to quickly take stock of the customer’s situation, for example through an audit?
    An audit makes it possible to assess the actual risk potential in SAP landscapes and to identify potential points of attack at an early stage.
  • Can the provider demonstrate any experience? What project references have been collected over the years?
    This includes long-term experience as well as current developments such as S/4HANA and the expertise in working with customers.
  • What product and service portfolio does the service provider offer?
    SAST SOLUTIONS offers a portfolio combination comprising software and consulting, and consequently a holistic solution for current and future challenges.

Many thanks, Bodo Kahl, for sharing these insights.


Do you want to learn more about the options for safeguarding your SAP systems? We will gladly advise you and answer your questions at any time. Get in touch with us today:

Get to know us and benefit from our expertise. Real-time monitoring, tips for secure migration to S/4HANA or tailor-made roles at the touch of a button – our webinars will provide you with recommendations for action that are suited to your individual requirements, live or on demand.


These articles may also be of interest to you

Managed Service: The Booster for your SAP Security & Compliance
Anniversary Interview: 10 Years of SAST – How it all began…