In just a few years, Business Central has evolved from a relatively closed ERP system into a fully connected cloud platform. With Power Apps, APIs, Copilot, webshops, integrations, and constant compliance pressure, the number of security‑sensitive components has grown dramatically. Yet security is still often treated as something “for later,” “for the auditor,” or “for the technical team.”

In this session, I show why both developers and consultants, often without realizing it, hold a critical role in creating a secure Business Central environment. Through real‑world examples, we’ll explore how small decisions in code, integrations, data classification, and permissions can introduce major risks… or lead to a robust and trustworthy solution.

We will cover:
• Applying Secure by Design and Privacy by Design to Business Central
• Common pitfalls in extensions, integrations, and configuration
• How developers build secure apps using permission sets, filtering, data classification, and the least‑privilege principle
• The consultant’s role: process design, responsibilities, SoD, and breaking the “everyone needs access” mindset
• A practical mindset shift: treating security as a quality standard, not a delay

Participants leave with concrete, applicable tools for writing safer code, designing safer processes, and delivering more secure implementations—along with a deeper understanding of their own responsibility in the security chain.