
Growing Securely in the Cloud - GROW with SAP and SecurityBridge
For fast-growing businesses, success hinges on speed, adaptability, and security. As organizations move to the cloud to accelerate their digital transformation, the need for efficient, reliable, and secure ERP solutions becomes critical. GROW with SAP is an enterprise-ready SaaS offering based on the S/4HANA Cloud Public Edition. It is designed to help midmarket companies innovate confidently, ensuring that both their growth and security are supported.
GROW with SAP isn’t just about technology; it’s about building a partnership and shared responsibility. SAP’s approach to security and governance ensures that businesses can focus on growth while maintaining control and compliance. SecurityBridge supports SAP customers on their journey to GROW with SAP by ensuring that security doesn’t become a bottleneck during and after the cloud migration process.
The GROW with SAP Shared Security Responsibility
Security in GROW with SAP is a shared responsibility. While SAP provides a secure foundation through its resilient infrastructure and services, customers are also essential players in safeguarding their environments. Understanding where SAP’s responsibilities end and the customer’s begin is crucial for an effective security strategy.
SAP’s Responsibilities: Securing the Cloud Infrastructure and Core Services
SAP takes full ownership of securing the cloud infrastructure, platform, and core services that power GROW with SAP. This includes:
- Resilient SaaS Architecture: SAP delivers a multi-tenant cloud environment designed to ensure logical separation of customer data, protecting sensitive information in a shared environment.
- Backup, Restoration, and Disaster Recovery (DR): SAP ensures customer data is securely backed up and can be restored in case of incidents.
- Operational Security Monitoring and Incident Management: SAP actively monitors systems for potential threats and incidents, responding quickly to minimize risk and ensure operational continuity.
- Hardening and Patching: SAP manages and secures the infrastructure, operating systems, and applications by regularly applying security patches and updates to protect against vulnerabilities.
- Personal Data Breach Notifications: If a personal data breach occurs within SAP’s responsibility scope, SAP is committed to notifying affected parties in compliance with data protection laws.
- Adherence to SLAs and Contractual Assurances: SAP provides documented assurances through Service Level Agreements (SLAs), Data Processing Agreements (DPAs), and comprehensive support policies, ensuring contractual clarity around responsibilities.
Customer Responsibilities: Owning Security in the Business Application Layer
While SAP secures the infrastructure, customers are responsible for securing how their businesses use the platform. This is where the customer’s role becomes both critical and empowering. Key responsibilities include:
- Configuration of Business Processes: Customers control how their business processes are designed and executed in GROW with SAP. Secure configurations help minimize risks.
- Tenant Administration and Management: Customers manage their own tenants, including assigning administrators, monitoring usage, and ensuring the right governance is in place.
- Identity Management, Authentication, and Authorization: Customers are responsible for managing user identities, ensuring strong authentication methods (such as multi-factor authentication), and defining role-based access controls to limit who can access what.
- Defining Business Roles and User Groups: Careful planning and assignment of business roles, user groups, and access control policies protect sensitive operations from unauthorized access.
- Customer Data Ownership and Protection: Customers own their data and are responsible for classifying, protecting, and ensuring compliance with regulations such as GDPR, HIPAA, or local laws.
- Monitoring Application Logs and Audit Trails: Customers should actively review application logs and audit trails to identify suspicious activity.
- Managing API Integrations and 3rd Party Connectivity: Customers are responsible for securing any API integrations, extensions, and third-party connections, ensuring data flows are safe and compliant.
In short, SAP secures the cloud, and customers secure their configurations and usage within the cloud application. This model provides flexibility while ensuring a robust security posture when both parties fulfill their roles.

GROW with SAP APIs for Customer’s Application Security Posture
GROW with SAP’s open and transparent API ecosystem provides customers with detailed insights into their security landscape. These APIs help customers integrate security data from their SAP S/4HANA Cloud Public Edition tenant into their existing Security Information and Event Management (SIEM) solutions, automate monitoring tasks, and maintain compliance.
Here’s an overview of key API services that help customers stay in control:
1. Security Audit Log API:
This API provides access to comprehensive audit log data, detailing security-relevant events. By pulling this data into a SIEM platform, customers can automate the detection of suspicious behavior or unusual activity patterns, ensuring faster response times to potential threats.
2. Business User and Role Change APIs:
These APIs help enforce the least privilege principle and avoid unauthorized privilege escalation by tracking who is being added, modified, or removed from your business systems. In addition, they support monitoring changes in role assignments, including new role creation or adjustments in permissions.
3. Business User Role Configuration API:
By providing details about business roles, catalogs, and application jobs assigned to users, this API enables customers to keep an overview of business role configurations and supports an efficient identity management lifecycle.
4. Communication Settings APIs:
These APIs help secure integrations, detect unnecessary connections, and identify inactive or risky endpoints. Customers can:
- View communication users and their assigned certificates, systems, and arrangements.
- Understand how communication systems are connected, including inbound and outbound users.
- Gain detailed data on arrangements between systems, outlining inbound and outbound services.
5. HTTP Protection APIs:
With these APIs, customers strengthen web application security by preventing threats such as clickjacking and unauthorized data sharing. Data provided by these APIs supports:
- Monitoring CSP (Content Security Policy) configurations, including trusted sites and policy enforcement.
- Managing trusted network zones, CSS style sheets, and CORS (Cross-Origin Resource Sharing) settings.
6. Certificate Management API:
By proactively managing client certificates, certificate trust lists, and signing certificates used across communication setups, customers reduce the risk of expired or compromised certificates disrupting operations or exposing data.
GROW with SAP and Strengthen Security with SecurityBridge
SecurityBridge enhances SAP security by seamlessly integrating these security APIs provided by the SAP S/4HANA Cloud Public Edition. This enables GROW with SAP customers to establish real-time event log monitoring, gain configuration oversight, and mature their security automation. Key benefits are:
- Effective Threat Detection by continuously monitoring security audit logs, user activity, and role changes to detect anomalies and potential threats within their own tenant.
- Simplified Security & Compliance Management through automated oversight of user roles, authorization settings, communication protocols, and system connections to identify and mitigate security risks.
- Proactive Risk Reduction by ensuring unused accounts, misconfigured HTTP protections, and untrusted certificates are identified and remediated before they become security liabilities.
For growing companies, the cloud offers immense opportunities—but it also introduces new responsibilities. By adopting a clear shared responsibility model and providing customers with comprehensive APIs, SAP empowers businesses to actively manage their security posture.
Interested in learning how adopting an All-in-One Security Platform for SAP can be the fastest and most efficient way to achieve a mature SAP Security posture?
Contact us and we will be happy to tell you more about our guided approach to SAP Security excellence. For more SAP security-related news, articles, and whitepapers, please follow us on LinkedIn!