RISE: How to De-Risk the Journey

Many organisations are still using SAP ECC, often due to the decades they’ve invested in configuring, customising, and tuning it. However it’s time for the majority to make the switch to S/4HANA. There are two core reasons for this:

1. SAP ECC support ends in 2027 (if you didn’t already know this, it’s time to PANIC!).
2. The world has changed a lot since SAP ECC was released nearly 20 years ago, so a new platform is required to make digital transformation a success.

S/4HANA, is the brainchild of Hasso Platner, an SAP founder and genius. Built on the powerful HANA database, S/4HANA revolutionises data processing, streamlining operations for new efficiencies in our hyperconnected, customer-centric world. It aims to serve enterprises for the next 50 years.

But what do we need to consider as part of the journey?

As anyone remembers from years ago implementing SAP ECC, this is a monumental task. It is like building a cruise liner from scratch. No, that is too small. It is like building a planet from scratch. No, that is too big. It is like building a Death Star from scratch.

Let’s think about why it’s such a daunting task…

● Cost - An important factor to consider, including licensing, infrastructure upgrades, cloud fees, partner implementation fees, training, testing, post go-live hyper care, and managed service expenses. On the positive side, you can save on system integration (SI) travel and expense costs, as they are currently working remotely and won't require additional perks like three bottles of Barolo as a per diem.

● Complexity – When transitioning to S/4HANA, several factors need consideration. This includes translating your existing business processes, identifying new integration points, transforming and migrating data, understanding the responsibilities of cloud providers, adapting to new UIs, implementing DevOps procedures, and addressing security responsibilities.

● Change management – It’s not just about the tech, but more importantly the people and processes. If they are not on board, then all that implementation cost will be better saved for bonfire night.

● Risk – There are multiple shared responsibilities, skills gaps, short term system stability, new tech and process changes that can disrupt an organisation.

With all of that being said, preparation is key.

To minimise these issues, you have a number of options: either avoid the migration, do this with a partner, or choose RISE with SAP, known as 'Transformation as a Service.' This offering assists in migrating from SAP ECC to S/4HANA while reducing risks through comprehensive services and technology support throughout your journey.

RISE is like the best ice cream shop. You get a double scoop with your choice of flavours, toppings, sauces, flakes, and cherries. They even spoon-feed you and take care of all the shop's maintenance, from cleaning melted ice cream to managing heating, lighting, and air temperature.

But, there are a few caveats…

All the above issues remain, but the risk increases massively from a security perspective for a number of reasons:

1. The assumption and mind set of many SAP customers from SAP ECC days, assumes systems are secure by default. However, this is not the case.
2. As you migrate to S/4HANA, the surface area of attack increases as you become more connected, agile, and real-time.
3. The threat landscape has changed and the bad actors are actively targeting the SAP application layer directly and out-of-the-box security controls you have in place can be bypassed.
   
   

The SAP ECC security landscape has evolved. It shifted from annual pen tests, manual checks, and siloed tools to continuous monitoring, automation, enterprise-wide risk management, IT general controls, content purchasing, and research findings.

There are, of course, SAP security services and offerings to choose from but you now need to complement these with SAP cybersecurity as part of this journey. The nuances between the two are as follows:

- SAP security focuses on identity and access management, as well as internal application controls at the data level. For instance, authenticated finance users are granted access only to the relevant financial data for their role, ensuring protection of sensitive HR data.

- SAP cybersecurity prioritises IT general controls to prevent or detect harmful events from both external and internal sources. For instance, a vulnerability management policy identifies and addresses the risk of external attacks through unencrypted internet-facing servers.

The good news is that SAP Cybersecurity aids your transformation by enhancing efficiency and reducing enterprise risk. You can automate and integrate numerous siloed tools and manual checks into your S/4HANA processes. For instance, the SAP cybersecurity platform automates patching and provides remediation advice, freeing up the Basis team and architects to support your S/4HANA transformation.

Whilst Solution Manager, Early Watch, and Focused Run offer some security related checks the main focus of these tools are performance, availability, and uptime of the system itself. These are vitality important, but what the SAP Cybersecurity platform offers is a deep-dive check of vulnerabilities across the entire SAP landscape, including production and non-production systems to give a holistic view of risk across the enterprise. This goes beyond just patching, but also checks configuration settings, parameters settings, privileged access management and interfaces which will all be in flux during the SAP migration.

Today, a real-time, comprehensive view of vulnerabilities is essential. When an issue is detected, step-by-step resolution advice minimises resolution time. As you address the issue, the platform provides real-time alerts for ongoing exploits, serving as a compensating control. This proactive mindset is crucial to stay ahead of increasingly sophisticated attackers.

Another example is that organisations want to be more agile and adopt a CI/CD process with S/4HANA. The SAP Cybersecurity platform supports this by automatically scanning custom code and offering corrections for the majority of the critical security vulnerabilities at the touch of a button. It integrates to commonly used transport release tools so that it integrates natively with the Release management process. It also supports not only ABAP development, but also new IDE’s such as Eclipse, SAP BTP, SAP HANA Studio but also languages used with S/4HANA development such as UI5, XSJS, Node.js and SQLScript. This aligns to your desire to become more agile with S/4HANA and automates a lot of manual processes that we currently see in place.

You have to change your security mindset as you move to S/4HANA. Be it with RISE or without it. But the reality is that you should reframe this SAP cybersecurity strategy as a value driver, not another cost item. It’s not as difficult as you think, we can help you on this fantastic journey with a security first mindset.

Click here to find out more.