SAP Security Considerations When Migrating to the Cloud

May 25, '21 by Joerg Schneider-Simon

Keeping data, processes, and people safe while in the cloud is something businesses often overlook until something goes wrong.

According to a study by Onapsis and ASUG on "Digital Transformation and Security," 57% of businesses have almost completed or are planning SAP S/4HANA migrations. And a further 47% of them have already migrated to cloud-based systems.

In the same study, 91% of the respondents agree that security plays a central role in migrating SAP applications to the cloud.

If only their companies agreed.

Unfortunately, more than two-thirds (68.8%) of SAP users believe their companies put insufficient focus on IT security during their previous SAP implementations. And 20.8% of SAP customers don't acquire adequate tools, skills, and resources to manage risks and secure their SAP environments and applications.


Many organizations assume that security is a given in cloud platforms, but that's not true at all. From configuration errors and other slip-ups to deliberate hacks and exploits, there are several ways to potentially undermine the security of cloud SAP environments.

This is where businesses find it difficult to protect their data when transferring from on-premises to cloud platforms. They also struggle to reinforce that security after the successful cloud adoption.

Here are four of the critical SAP security issues to look out for, along with our suggestions on how to mitigate them.

1. Weak Access Controls

Access management risks are the most significant challenges to the integrity of cloud-based SAP ERP systems, because improperly granted access leads to unauthorized activities. Fraudulent access disrupts your cloud computing migration plan and business operations … and can result in a hefty financial loss.

Given the complicated and granular authorization model that SAP uses, it's challenging for companies to identify issues without the right tools in place. Make sure you have the necessary tools and resources to perform a risk analysis. Segregating duties is a proven way to mitigate opportunities for fraud, so use a segregation of duties (SoD) matrix to highlight the underlying risks associated with access management.

Also, some organizations simply take too long to disable standard passwords on cloud access. This gives hackers time to create entryways into the cloud network using valid accounts and passwords. The result is an undetected compromise, which often results in theft of data. Like all mission-critical assets, SAP systems must be configured to use strong authentication, such as 2-factor authentication and/or biometrics – or at the very least a strong-password policy along with short password lifetimes.
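A minimal SoD matrix check, added here as an illustration and not taken from the article or any SAP tool: it flags users whose combined roles give them both sides of a conflicting duty pair. The transaction codes are standard SAP ones; the role names, user assignments and the choice of conflicting pairs are constructed assumptions.

```python
# Constructed SoD matrix: rule -> (duty A transactions, duty B transactions).
# Which pairs conflict is an assumption; a real risk analysis defines them.
SOD_RULES = {
    "Vendor maintenance vs. payment run": ({"FK01", "FK02"}, {"F110"}),
    "Purchase order vs. goods receipt": ({"ME21N"}, {"MIGO"}),
}

# Constructed role catalogue: role name -> transaction codes it grants.
ROLE_TCODES = {
    "Z_AP_CLERK": {"FK01", "FK02", "FB60"},
    "Z_PAYMENTS": {"F110"},
    "Z_BUYER": {"ME21N", "ME22N"},
    "Z_WAREHOUSE": {"MIGO"},
}

# Constructed user assignments, e.g. as exported before a migration.
USER_ROLES = {
    "ALICE": ["Z_AP_CLERK", "Z_PAYMENTS"],
    "BOB": ["Z_BUYER"],
    "CAROL": ["Z_BUYER", "Z_WAREHOUSE", "Z_PAYMENTS"],
}


def effective_tcodes(roles, role_tcodes=ROLE_TCODES):
    """Union of the transactions granted by all of a user's roles."""
    granted = set()
    for role in roles:
        granted |= role_tcodes.get(role, set())
    return granted


def sod_violations(user_roles=USER_ROLES, rules=SOD_RULES):
    """Return {user: [(rule, duty_a_hits, duty_b_hits), ...]} for broken rules."""
    findings = {}
    for user, roles in user_roles.items():
        granted = effective_tcodes(roles)
        for rule, (duty_a, duty_b) in rules.items():
            a_hits, b_hits = granted & duty_a, granted & duty_b
            if a_hits and b_hits:  # one person holds both sides of the conflict
                findings.setdefault(user, []).append(
                    (rule, sorted(a_hits), sorted(b_hits)))
    return findings


if __name__ == "__main__":
    for user, hits in sod_violations().items():
        for rule, a_hits, b_hits in hits:
            print(f"{user}: {rule} ({', '.join(a_hits)} + {', '.join(b_hits)})")
```

No single role in the sample breaks a rule; the conflicts only appear once each user's roles are combined, which is why the check works on effective access rather than on roles one at a time.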

2. New Compliance and Regulatory Requirements

Make sure you can fulfill the compliance and regulatory requirements when your data is stored, transmitted, or processed between physical and cloud network environments.

Compliance is put at risk when organization-spanning data security teams are not fully involved in SAP cloud migrations. The project-specific SAP security experts essentially have limited scope to determine who has access to what.

This is a clear example of minor mismanagement issues causing significant losses. Enhancing your efforts to ensure SAP security requires proper resources, actions, and a robust strategy to get it right.

Ideally, draw out a detailed but clear roadmap for secure and protected IT infrastructure when migrating to the cloud. Then use it to establish a flexible compliance and regulatory strategy to adapt to the new standards.


To minimize the chance of falling flat during implementation, make sure to understand the industry-specific legal implications — and any stringent regulations — you face in the cloud.

Failing to meet the necessary regulatory standards puts your business security at risk and results in lengthy and costly litigation. Ensuring consistency between policy enforcement and security solutions across multiple infrastructures and environments is critical for your business.

3. Data Safety

Encryption deters data theft to a great degree and mitigates the overall impact of a data breach when shifting to a cloud platform. It helps organizations comply with regulations and works well as a practical security measure when migrating to the cloud.

While many cloud service providers offer data encryption options, you must encrypt your data yourself during transit.

You can implement encryption for all your data in transit by enforcing TLS on all web traffic, limiting access to non-web resources to VPN-connected devices only, and leveraging SAP Secure Network Communication (SNC). This protects your data before and throughout the transfer to the cloud.

SAP-to-cloud migration requires encoded data in transit. But you can't be sure it is 100% safe from prying eyes unless you leverage secure transport protocols, such as HTTPS, during data transfers. By securing and encrypting your sensitive data and storage, you can better control how your business manages its cloud environments.
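A profile check covering both the password-policy advice in section 1 and the SNC advice above, as an added example that is not from the article or from SAP: it reads an instance profile and reports weak login and SNC settings. The parameter names are SAP profile parameters; the sample profiles are constructed, and the 12-character and 90-day thresholds are assumptions.

```python
def to_int(value):
    """Profile values are strings; treat missing or non-numeric ones as 0."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0

# parameter -> (test on the raw value, finding reported when the test fails).
# Thresholds (12 characters, 90 days) are assumptions for this example.
CHECKS = {
    "login/min_password_lng": (lambda v: to_int(v) >= 12, "minimum password length below 12"),
    "login/password_expiration_time": (lambda v: 0 < to_int(v) <= 90, "passwords never expire or live over 90 days"),
    "login/no_automatic_user_sapstar": (lambda v: v == "1", "built-in SAP* fallback logon not disabled"),
    "snc/enable": (lambda v: v == "1", "SNC not enabled"),
    "snc/data_protection/min": (lambda v: v == "3", "SNC allows connections without encryption"),
    "snc/accept_insecure_gui": (lambda v: v == "0", "SAP GUI logons without SNC accepted"),
}

def parse_profile(text):
    """Read 'name = value' lines, skipping blanks and # comment lines."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def audit(text):
    """Return {parameter: finding}; an unset parameter counts as failing (assumption)."""
    params = parse_profile(text)
    return {name: msg for name, (ok, msg) in CHECKS.items() if not ok(params.get(name))}

# Constructed sample profiles.
WEAK = """# settings carried over unchanged from on-premises
login/min_password_lng = 6
login/password_expiration_time = 0
snc/enable = 0
"""
HARDENED = """login/min_password_lng = 12
login/password_expiration_time = 60
login/no_automatic_user_sapstar = 1
snc/enable = 1
snc/data_protection/min = 3
snc/accept_insecure_gui = 0
"""

if __name__ == "__main__":
    for name, finding in audit(WEAK).items():
        print(f"{name}: {finding}")
```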

4. Active Content Threats

Because SAP is used for so many business functions, very few organizations keep it internal-access only. Instead, external parties like vendors, customers, and job applicants are able to upload documents to SAP applications.

Unfortunately, attackers can use this same mechanism to launch active content attacks. The active content – such as a macro or JavaScript – is scripted to trigger an action when the file is displayed, making it the perfect springboard for malware attacks.

To further complicate matters, these types of attacks cannot be prevented via standard OS-level anti-malware programs. Therefore, it’s critical to ask detailed questions of your potential cloud service provider to see if they use an anti-malware solution that is SAP-certified (and even better yet, one that is designed specifically and solely for SAP).
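What checking an upload for the active content described above involves, as an added example that is not the article's or any vendor's code: it looks inside each uploaded file for script and macro indicators before the file is stored. The sample files are constructed, and the indicator list is an assumption limited to PDF action names, the OOXML macro part and legacy Office containers.

```python
import io
import re
import zipfile

# PDF names that mark embedded scripts or automatically triggered actions.
PDF_ACTIVE = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)(?=[\s/<\[(])")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def find_active_content(data: bytes) -> list:
    """Return sorted indicators of active content in one uploaded file."""
    found = set()
    if data.startswith(b"%PDF-"):
        # Plain scan only: names inside compressed object streams are not seen.
        found |= {"pdf:" + m.decode() for m in PDF_ACTIVE.findall(data)}
    elif data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return ["zip:unreadable"]  # fail closed on containers we cannot parse
        # Office Open XML keeps VBA macros in a part named vbaProject.bin.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            found.add("ooxml:vba-macro")
    elif data.startswith(OLE_MAGIC):
        found.add("ole:legacy-office-container")  # may carry macros; inspect further
    return sorted(found)

def zip_with(*names):
    """Build a small in-memory zip holding the given part names (test fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"constructed")
    return buf.getvalue()

# Constructed uploads: two without active content, two with.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
    "form.pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                b"3 0 obj\n<< /S /JavaScript /JS (constructed) >>\nendobj\n",
    "cv.docx": zip_with("[Content_Types].xml", "word/document.xml"),
    "cv.docm": zip_with("[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, find_active_content(data) or "no active content found")
```

The check keys on file content rather than the file name, so a macro-enabled document renamed to `.docx` is still flagged.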


Migrating to the Cloud with SAP Security on Target

The cloud has opened up a new world of possibilities. However, with the advantages of digital transformation there comes an increased risk of code vulnerabilities, data breaches, misconfigurations, and poor execution.

A robust strategy that ensures the highest security levels helps you migrate your SAP applications to the cloud without compromising the security of your critical business information.

SAP cybersecurity software from bowbridge is an integral part of this drive. It helps you perform rigorous cybersecurity self-assessments and mitigate security risks while keeping privacy at the forefront. If you are a cybersecurity or SAP manager looking for ways to secure cloud adoption for your organization, get in touch with us today.
