Marketing Communications Manager at ERP Maestro.
Manage Risk While Leveraging SAP Digital Transformation
2020 will be a year of change and digital transformation for many SAP customers.
More and more companies are expected to begin migration to S/4HANA and the HANA database. Some will move to an SAP cloud environment for the first time while others will take greater advantage of the SAP cloud application ecosystem. The year ahead will also mean an upgrade or change of access controls for those on SAP’s version 10.1 since SAP will no longer support it after December 31, 2020.
While the end of support for SAP ECC doesn’t come until 2027, companies are already making the big move to the latest ERP solution. In the last update to SAP’s Corporate Fact Sheet of October 2019, the company reported 12,000 licensed S/4HANA customers.
The major driver for migration, according to an August 2019 SAPinsider report, has been digital transformation. According to the report, Benchmarking the Business Case for SAP S/4HANA, survey respondents classified as “leaders” were driven to migrate for the digital transformation and optimization of business processes.
Digital transformation can lead to increased opportunities for SAP users, but it comes with some risks, too. SAP customers need to modernize their use of SAP to reap greater business value and efficiencies, but they also need to advance wisely and safely, especially from a cost and security perspective. Let’s take a deeper look into these opportunities and how your organization can apply internal security practices for each one.
Migrating to S/4HANA
SAP’s S/4HANA is one of the biggest technological advances SAP has made in its system in over two decades, and it’s also a major transformative opportunity for SAP customers.
SAP’s shift to an ERP digital core alters everything, including some of the functionality that used to reside within the solution. With the development of S/4HANA, some modules that formerly were a part of SAP’s ERP, such as human resources, no longer exist in the ERP. Instead, they are part of the cloud application ecosystem and connect to the digital core. SAP Ariba, Concur, Hybris, Fieldglass, and SuccessFactors are some of the solutions in SAP’s growing app portfolio.
Despite being able to achieve better agility and scalability with SAP’s cloud solutions, S/4HANA is different in architecture and complexity – and that can impact security controls. One primary change is that new t-codes are introduced in S/4HANA, while some existing t-codes become obsolete and underlying tables are changed. If these factors aren’t considered before migration is completed, organizations could find that their security environment is full of holes, over-provisioned access and controls that aren’t properly managing access risk.
To avoid this, incorporate adequate planning of security design in the blueprinting phase of migration – i.e., before the implementation and go-live phases. When organizations don’t do this, the migrated environment brings its own legacy issues to S/4HANA, and the new t-codes and changed tables make security design even more frustrating. Don’t wait until go-live to design security controls for S/4HANA. ERP Maestro recommends a phased approach to implementation and including security and controls in those phases.
Moving to Cloud Deployment
Many customers will also be moving to the cloud for the first time in their S/4HANA migration. A 2019 report by SAPinsider on the state of S/4HANA revealed that 60% of SAP customers surveyed were choosing cloud deployment – either public, private or hybrid. It makes sense. On-premise deployment cannot match the economic benefits of cloud over time. Cloud simplifies support and infrastructure and provides unparalleled ability to scale. Customers can reduce data storage costs, get more data storage options, ensure business continuity and data backups, and many times, experience better external security than they could in-house.
Moving to S/4HANA also means moving to the cloud application ecosystem, if you want to use applications that once resided as modules within ECC but now live outside of the digital core. These apps, such as SAP’s SuccessFactors, Hybris, Ariba, Concur and Fieldglass, are integrated with the core and share the HANA database. But how will a cloud deployment and connection to these applications impact internal security?
For one, it can make it more challenging to monitor access risks across all systems. Having a single solution that can manage access risks across the entire SAP environment and doesn’t have extensive implementation or an end-of-life date is one option for organizations concerned about both access risk security and the cost to maintain it.
Digital transformation is a powerful tool for companies, but it must be used properly and with caution. Not every transformation can lead to lower cost and complexity despite utilizing the latest and greatest technology. In fact, companies may unknowingly invest in solutions that lead to “upgrade traps” and an inability to scale at rapid speed. SAP will continue to evolve its solutions and lead the path to digital transformation, but organizations must be aware of the risks with each opportunity and how it will affect the organization in the long term.