Security is a top priority for SAP, particular as business applications become increasingly on-device and mobile,...
says co-chief executive Jim Hagemann Snabe.
In the past, enterprise had one system installed on premise that was behind a firewall, he said, but now there is a mixture of on-premise, cloud and mobile applications.
In the light of the trend to multiple deployment options, SAP has increased its commitment not just to quality, but in particular to security, he said.
"You will see us taking a lead in terms of driving security up in the business application space because it is necessary," he said.
An increased focus on security is a very deliberate act by SAP leaders, said Snabe.
Rigorous testing of SAP software will include input from hackers invited to help find security vulnerabilities so that these holes can be closed very rapidly, he said.
"I believe security is the biggest challenge for the whole of mobile. If you really want to do business then mobile, not consumer, security is the biggest challenge and opportunity [for those who succeed in getting it right]," said Snabe.
For SAP, the acquisition of Sybase was a big step in the right direction, said Snabe.
"They have years of mobile experience, so they know a lot about security and device management, which is another challenge in mobility," he said.
In addition to a rigorous testing programme, SAP is increasing the size of its security team and incorporating the Sybase experience in this field.
"You will see us do two things: First of all invest in the central teams and also invite the security community into this topic. But for me it is important that every single developer at SAP understands security. It is about building secure software, not filling the holes afterwards," said Snabe.
SAP is also training all developers in the latest thinking around security so that they can design secure solutions rather than trying to patch it afterwards, he said.
"So far we have worked mainly inside, but we do have some outside collaboration and we are planning to expand on that," he said, because security in business applications is non-negotiable, but it is a challenge and an opportunity for the whole software industry.
Snabe believes security issues typically happen in the interaction between two types of technology, rather than within a single technology.
"The more harmonised you have a technology choice, the easier it is to solve, but once you have multiple technologies, then it is between them where the faults appear, and therefore it requires co-operation across companies," he said.