Skip to content

Microsoft Azure? Top 3 reasons why it is relevant for sap customers

Microsoft Azure for SAP

Lately, I keep hearing about MS Azure being attractive for SAP operations. From my point of view, the reason is easy. This is because there is now a SecurityBridge Threat Monitoring Solution for MS Sentinel available :). But joking aside, in this article, I would like to share with you my humble opinion on the added value of SAP operation on Microsoft Azure.  

What is Microsoft Azure?

For those who have never had anything to do with Azure, the short answer is Azure is a hyper-scaler like Amazon AWS or Google Cloud. These big three have recognized the opportunity to offer computing power for the computer-intensive business applications of SAP. SAP virtualization is now easier in the cloud than in your own data center.   

Back to Azure. Few may still know that the service was formerly called Windows Azure and has existed since February 1, 2010. That is almost 8 years after Amazon AWS launched its services in July 2002. MS Azure says it already has a presence in more than 140 countries and 58 regions. It is, therefore, also possible to operate your cloud data center on German or European soil. In addition to some general reasons why hyper-scales are very attractive to SAP customers, we also need to look at why Azure is and not AWS or G-Cloud.    

MS Azure benefits for SAP customers

You probably have heard of it. There are supply chain problems that, unfortunately, also hurt the delivery time and pricing of new hardware for your own data center. Therefore, buying the required computing power from Microsoft or its competitors can be of enormous advantage. 

Hyper-scalers usually have better access to the hardware manufacturers, if only because of the annual purchase quantities.  

Until now, SAP customers mainly relied on external computing capacity to cover short-term or temporary requirements. And Microsoft makes the deployment of SAP systems particularly easy. Automated infrastructure and instance deployment can be realized when using Ansible. By the way, the existence of many knowledgebase pages that specifically revolve around SAP also offers great added value. Network segmentation, SAP HANA scale-ups, etc., are described in detail. See also

I am also a fan of the interface, which for me comes across as less complicated than, for example, AWS, which I have been working with for many years. Due to the global distribution of data centers, MS Azure naturally offers a suitable location for companies within the European Union, e.g., to meet GDPR requirements. However, this is not a unique selling point compared to the other providers.

What SAP customers particularly appreciate, however, is the monitoring of performance and security.  

Azure offers Microsoft Sentinel, a cloud-native SIEM that can also process SAP logs. There is even a free adapter, although it is still in “preview” mode. The mere existence of this SAP adapter proves that Microsoft is taking SAP customers’ concerns into account and creating an attractive offering. In addition to security monitoring, SAP customers must, of course, also pay attention to system performance. This can be achieved with the Microsoft Azure Monitor, which can display all important metrics for SAP. 

How does MS Azure support SAP Security?

Security concerns are often perceived as a hurdle on the way to the cloud. Although Microsoft offers its adapter, customers are free to use 3rd party solutions such as SecurityBridge Threat Detection for SAP. This is extremely easy via the SecurityBridge App for Microsoft Sentinel, which is available in the Azure Marketspace. The SecurityBridge App for MS Sentinel has many advantages over Microsoft SAP Threat Monitor and offers more use cases in comparison. 

That flexibility and the obvious prioritization of cybersecurity concerns of customers/prospects makes MS Azure particularly interesting for SAP customers.  

Conclusion

I have to admit that it’s hard to draw a clear line between Azure and its competitors. Although Microsoft Azure is a leader in various areas, e.g.:  

  • Simplicity  
  • Scope of documentation
  • Range of functions (e.g., security and performance monitoring)  
  • etc.

In my opinion, it has a clear advantage, but it cannot completely overtake the pursuers – AWS and Google Cloud. I found it very easy to get going with Microsoft Azure, as many things are automated, and there is very detailed documentation. That is something I missed in my early days with AWS. 

Posted by

Ivan Mans
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

SAP security by design
Security-by-design is a principle that emphasizes the need to build security measures into software systems from the start rather than as an afterthought. SAP projects need to embed security conciseness to respect this principle and gain a cyber-resilient application. Thus, they should prioritize security when designing and implementing their SAP systems rather than attempting to bolt on security measures afterward. This can help to prevent security breaches and minimize the damage caused by cyberattacks.
coding
Remote Code Execution (RCE) vulnerability in SAP is a type of security issue that allows an attacker to execute arbitrary code on a target system remotely. has gained control of a user's click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.
Management Dashboard
SAP security provider SecurityBridge—now operating in the U.S.—today announced the latest addition to the SecurityBridge Platform—the Management Dashboard for SAP security. The SAP Management Dashboard is a no-cost, additional application for the existing SecurityBridge Platform that combines all SAP data aspects and presents the information through a customizable, single pane of glass security dashboard view.
Hacker mining SAPsecurity
SAP Cybersecurity- SAP Vulnerability
In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.