Be aware of additional security risks
Many companies are busy with- or preparing to migrate their IT systems to the cloud. The cloud offers cost savings due to the economy of scale, build-in security, and an almost limitless scalability.
For SAP systems, there is another reason: by the end of 2027 SAP Business Suite customers need to have been migrated to the S/4HANA platform. Many companies are combining this switch with a move to the cloud, and as a result, SAP landscapes that were traditionally located on-premise, become split between on-premise, one or more cloud(s) while some SAP systems are replaced by the products in the SAP cloud platform.
Cloud architecture and security
Many companies assume that “the cloud” offers an intrinsically higher level of security that offers sufficient protection for SAP systems without having to take extra measures.
These companies seem unaware that even in the cloud, there must be an architecture design for SAP landscapes that uses sound security principles like zoning, identification, different environments for production systems and non-production systems, named accounts, integration with SAP Cloud, separate environments for SAProuter and SAP Cloud connector access and a secure connection between on-premise and cloud(s).
SAP systems in the cloud can be detected and exploited, just like SAP systems on-premise.
Because the cloud is new for many companies, insufficient preparation may exist in terms of governance and education. Cloud master accounts often end up as high risk shared accounts because named accounts were not created. “Classical” SAP Basis or Linux Administrators did not receive any training for the new S/4HANA systems and/or the cloud environment, so they can’t really leverage the software-based services that the cloud offers and/or effectively manage the S/4HANA systems for which they are responsible. Instance deployment is uncontrolled and sandboxes popup up everywhere, leading to large bills.
Getting in control of again in the new environment will take time.
SAP Security during and after migration
During an SAP migration project and for some time afterwards, SAP security is typically given a lower priority, because both the move to the cloud and the migration to S/4HANA take up a lot of resources and focus.
Sometimes, a “freeze” period exists during migration, meaning that changes like security patches are not applied.
Additional communication ports must be opened to facilitate communication between cloud and on-premise systems, often leading to extra risks for the on-premise SAP systems.
In addition, SAP Basis and Linux staff might be hesitant to resume the previous compliance and maintenance cycles they had, because they are still getting used to the new infrastructure and/or migrated SAP systems.
Consequently, a higher level of Risk exists during SAP migration to cloud or S/4HANA.
How Protect4S helps in Risk reduction
Protect4S helps to reduce security risks in your SAP landscape during SAP system migration to cloud and S/4HANA by establishing a 3-step Vulnerability Management process that is independent of platform and SAP system type.
Whether it is cloud or on-premise, SAP Business Suite or S/4HANA, Protect4S runs the relevant checks for any SAP platform, points out the vulnerabilities that may exist and shows how to mitigate these.
While migrating to the cloud or to S/4HANA, you will always have an overview of the latest vulnerabilities in all your SAP systems (whether located on-premise or in the cloud) and the risk they pose.
Protect4S offers a free trial so you can experience how much easier SAP Platform Security becomes with Protect4S and how easy it is to start up and work with it.