Skip to content

How to use the S/4HANA migration to increase your security posture 

S/4HANA migration

“There are a few constants in life” – a statement that also applies to the SAP user community. It has always been a challenge for SAP customers to bring their large SAP environments to a current release level. Although the vendor has done a lot in the past to simplify this, it is still not a complex undertaking. However, the S/4HANA migration comes with more stumbling blocks that facilitate a chance to rethink the current SAP Cybersecurity approach. 

What is the S/4HANA migration?

In keeping with the current zeitgeist, every SAP customer is talking about S/4HANA migration or S/4HANA transformations. Although the transformation has a much broader business context, it pursues the same goals as the migration. After the project, customers intend to take full advantage of the new functions of the S/4HANA product portfolio.   

Take your chance

With these – sometimes dramatic – changes that organizations undergo in a S/4HANA transformation, there is an opportunity to integrate cybersecurity thinking directly into the architecture and create a secure foundation for future processes and innovations. To paraphrase one of our partners: “Security should be built-in, instead of added on”. 

Starting situation: SAP NetWeaver

Many of the customers we speak with have had SAP environments in place for several years. And so, it is no surprise many are practicing cyber hygiene but have not been able to integrate cybersecurity into their processes and architecture from the ground up. But that is no reason to bury your head in the sand. With the upcoming S4/HANA project, there is an opportunity to make up for this omission from the past. 

What has changed?

I think some experienced SAP experts will ask themselves what makes this “upgrade” project different from the previous ones and what has changed that now leads to this new possibility.  

In my view, there are primarily three things:  

  • Prioritization of cybersecurity: Management has a clear view of the challenge and supports the measures that are necessary for cyber protection.  
  • Innovation in SAP Cybersecurity: Today, it is possible to monitor the security-relevant actions and transactions in the SAP application with a manageable team. The level of automation provided by SecurityBridge, for example, makes it possible to respond to incidents.  
  • Technology shift: Due to the technological change from SAP NetWeaver to S/4HANA, the established process often must be touched. With each change, reliability and efficiency should increase. If we take a file-based interface as an example, you should aim to switch to APIs and encrypt data in transfer.  

Aim high and don't settle for less.

Take the opportunity and put “cyber resilience” on the list of project goals at the very beginning of a project. Include qualified consultants or in-house security architects in all project set-up discussions. Ask how to maintain the achieved security state in the long term. Additionally, please do not forget to integrate efficient SAP Vulnerability Management in the implementation of your project. This includes:  

  • Vulnerability scan  
  • Patching  
  • Custom code vulnerability analysis  
  • Threat detection  

Are you looking for a qualified System Integrator (SI) to address these issues? We will be happy to provide a recommendation. Please do not hesitate to contact us. 

Posted by

Christoph Nagy

Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

SAP Security Services
SAP Cybersecurity
Ivan Mans

Game changer: Managed SAP Security Services

Many companies have recognized the need for SAP cybersecurity, but many have also realized that they cannot accomplish this alone. There are many reasons for this. It can be due to the internal teams’ workload or due to the employee’s level of knowledge.

However, there is a solution that neither burdens your internal staff nor demands additional knowledge. A specialized managed SAP Security Service allows you to harden mission-critical systems, detect and promptly counteract non-compliance, and implement monitoring with accurate anomaly detection.

Read More »
Patch Management
Press coverage
Patricia Franco

SecurityBridge Releases New One-Click SAP Patch Automation 

SAP security provider SecurityBridge—now
operating in the U.S.—today announced the full integration of its SAP Security Platform with
the Microsoft Sentinel cloud-native Security Information and Event Manager (SIEM) platform
and its membership to MISA. SecurityBridge was nominated to MISA because of the integration
of its SAP Controller to the Microsoft Sentinel dashboard. SecurityBridge is a Smart Data
Adapter that significantly simplifies security monitoring of critical and highly specific business
applications.

Read More »
SAP Security Services
SAP Cybersecurity- Security News
Many companies have recognized the need for SAP cybersecurity, but many have also realized that they cannot accomplish this alone. There are many reasons for this. It can be due to the internal teams' workload or due to the employee's level of knowledge. However, there is a solution that neither burdens your internal staff nor demands additional knowledge. A specialized managed SAP Security Service allows you to harden mission-critical systems, detect and promptly counteract non-compliance, and implement monitoring with accurate anomaly detection.
Patch Management
SAP security provider SecurityBridge—now operating in the U.S.—today announced the full integration of its SAP Security Platform with the Microsoft Sentinel cloud-native Security Information and Event Manager (SIEM) platform and its membership to MISA. SecurityBridge was nominated to MISA because of the integration of its SAP Controller to the Microsoft Sentinel dashboard. SecurityBridge is a Smart Data Adapter that significantly simplifies security monitoring of critical and highly specific business applications.
Angriffserkennung für SAP
SAP Cybersecurity- SAP Identity and Authorization- SAP Threat Monitoring- Security News
Viele unserer Leserinnen und Leser erinnern sich noch an den 25. Mai 2018, Stichtag der bindenden Einführung der Datenschutzgrundverordnung, kurz DSGVO. Verstöße gegen die neue Regelung können seitdem zu drakonischen Strafen führen. Nun steht, zumindest für diejenigen Unternehmen, die zur kritischen Infrastruktur (KRITIS) von Deutschland zählen, ein ähnlicher Termin ins Haus. Am 1. Mai 2023 müssen betroffene Unternehmen ein System zur Angriffserkennung eingeführt haben.
SAP Cybersecurity Risks
SAP Cybersecurity- SAP Security Framework- Security News
Recently, we gave an insight into the known SAP attackers in our blog. Of course, it can already be deduced from this that there are internal and external SAP attackers. That is why today, we want to look at this from an SAP cybersecurity risk perspective.