Many organisations are still using SAP ECC, often due to the decades they’ve invested in configuring, customising, and tuning it. However it’s time for the majority to make the switch to S/4HANA. There are two core reasons for this:
S/4HANA, is the brainchild of Hasso Platner,
an SAP founder and genius. Built on the powerful HANA database, S/4HANA
revolutionises data processing, streamlining operations for new efficiencies in
our hyperconnected, customer-centric world. It aims to serve enterprises for
the next 50 years.
But what do we need to consider as part of the
journey?
As anyone remembers from years ago
implementing SAP ECC, this is a monumental task. It is like building a cruise
liner from scratch. No, that is too small. It is like building a planet from
scratch. No, that is too big. It is like building a Death Star from
scratch.
Let’s think about why it’s such a daunting
task…
● Cost - An important factor to consider,
including licensing, infrastructure upgrades, cloud fees, partner
implementation fees, training, testing, post go-live hyper care, and managed
service expenses. On the positive side, you can save on system integration (SI)
travel and expense costs, as they are currently working remotely and won't
require additional perks like three bottles of Barolo as a per diem.
●
Complexity –
When transitioning to S/4HANA, several factors need consideration. This
includes translating your existing business processes, identifying new
integration points, transforming and migrating data, understanding the
responsibilities of cloud providers, adapting to new UIs, implementing DevOps
procedures, and addressing security responsibilities.
●
Change
management – It’s not just about the tech, but more importantly the people and
processes. If they are not on board, then all that implementation cost will be
better saved for bonfire night.
●
Risk – There
are multiple shared responsibilities, skills gaps, short term system stability,
new tech and process changes that can disrupt an organisation.
With all of that being said, preparation is
key.
To minimise these issues, you have a number of
options: either avoid the migration, do this with a partner, or choose RISE with SAP, known as
'Transformation as a Service.' This offering assists in migrating from SAP ECC
to S/4HANA while reducing risks through comprehensive services and technology
support throughout your journey.
RISE is like the best ice cream shop. You get
a double scoop with your choice of flavours, toppings, sauces, flakes, and
cherries. They even spoon-feed you and take care of all the shop's maintenance,
from cleaning melted ice cream to managing heating, lighting, and air
temperature.
But, there are a few caveats…
All the above issues remain, but the risk
increases massively from a security perspective for a number of reasons:
The SAP ECC security landscape has evolved. It
shifted from annual pen tests, manual checks, and siloed tools to continuous
monitoring, automation, enterprise-wide risk management, IT general controls,
content purchasing, and research findings.
There are, of course, SAP security services and offerings to choose from but you now need to complement these with SAP cybersecurity as part of this journey. The nuances between the two are as follows:
-
SAP security
focuses on identity and access management, as well as internal application
controls at the data level. For instance, authenticated finance users are
granted access only to the relevant financial data for their role, ensuring
protection of sensitive HR data.
-
SAP
cybersecurity prioritises IT general controls to prevent or detect harmful
events from both external and internal sources. For instance, a vulnerability
management policy identifies and addresses the risk of external attacks through
unencrypted internet-facing servers.
The good news is that
Whilst Solution Manager, Early Watch, and
Focused Run offer some security related checks the main focus of these tools
are performance, availability, and uptime of the system itself. These are vitality
important, but what the
Today, a real-time, comprehensive view of
vulnerabilities is essential. When an issue is detected, step-by-step
resolution advice minimises resolution time. As you address the issue, the
platform provides real-time alerts for ongoing exploits, serving as a
compensating control. This proactive mindset is crucial to stay ahead of increasingly
sophisticated attackers.
Another example is that organisations want to
be more agile and adopt a CI/CD process with S/4HANA. The SAP
You have to change your security mindset as
you move to S/4HANA. Be it with RISE or without it. But the reality is that you
should reframe this SAP cybersecurity strategy as a value driver, not another
cost item. It’s not as difficult as you think, we can help you on this
fantastic journey with a security first mindset.
Our latest insights and thoughts