SAP is planning to move all its customers to cloud systems. Its software is used by most midsize and larger companies in the German-speaking countries, including around half of all the businesses in Germany alone. Making the transition requires solid planning and entails a tremendous amount of organizational effort on the part of IT managers.
In connection with this development, support for all other SAP products is to be discontinued by 2025 – but what does that mean exactly? What changes will be involved, where do the risks (and opportunities) lie for companies, and how can they ensure security and compliance in their SAP landscapes?
An overview of SAP Cloud
To offer a brief and precise explanation of the cloud, there are hardly any differences between an on-premise and a cloud system from a hardware perspective. In an on-premise system, the server is most often operated at the company in question or at a data center. One of the only things that may change in a cloud scenario is the data center operator; SAP Cloud data centers, for example, are typically run by SAP itself. In cases where the company is the operator, the servers are moved to an SAP data center for operation and maintenance. The chart below provides a short overview of the differences:
SAP currently offers 14 different cloud solutions, which is why we won’t get into the differences among the individual cloud services involved. Generally speaking, however, SAP Cloud can be divided into two subareas: the private cloud and the public cloud.
Customers in both areas enjoy the benefits of a software-as-a-service (SaaS) model, which means that the license costs already include server maintenance and the installation of updates. In the cloud, they can also take advantage of fully managed services for SAP systems.
For new SAP releases, fixed time periods continue to apply in the public cloud. Enhancements within the framework of SAP HANA Cloud Platform (HCP) are possible, as well. Legacy systems, meanwhile, can be moved into a private cloud with very little effort (or none at all). Here, additional costs are usually incurred for maintenance and operations if certain enhancements aren’t HCP-compatible.
How to take initiative in seven easy steps
1. Updating legacy systems
The S/4HANA operating system and the HANA database format likely represent the biggest technical challenge posed by SAP Cloud. Overhauling your in-house systems to bring them up to speed with S/4HANA is the first important step in preparing for your transition to the cloud. ERP Central Component (ECC) systems need to be updated to release 6.06 or later to make them HCP-compatible.
2. Forming a team of experts
To ensure the success of your migration to S/4HANA (and eventually to SAP Cloud), you’ll need experts in each of the technical areas involved. The functions of certain transaction codes have changed, the authorization structure has been divided in two, and companies are facing all-new issues in risk management. Even if your system line is on the smaller side, a single person will likely find it difficult enough to keep an eye on everything. Then there are often other lines to consider, along with the risk of colleagues calling in sick within the department in question. Here, sufficient technical expertise helps ensure that everyone involved in the project can work in concert. External consulting can be particular helpful here as a means of mitigating internal tension. Outside experts usually offer a more objective view of the situation, as well.
3. Planning a strategy
Managers can always expect to face questions like how, when, and to what end. If it hasn’t already, the work you invested in assembling an expert team will prove worthwhile in this regard. Discussions and coordinating activities are necessary, but they can quickly prolong the process at this stage. At the same time, you’ll be able to save a lot of time, money, and other resources. Problems that individual employees may have overlooked can be scrutinized from different perspectives, and an advance effort can be made to come up with solutions together.
4. Taking advantage of opportunities
Once all your objectives have been set and all the questions regarding your strategic migration have been answered, there’s one final decision to make: Are you really that attached to your ABAP security flaws, or is it time to say goodbye? As you move into the cloud, you’ll already be dealing with a significant amount of work. Everything needs to be planned and thought through, and some applications may require adjustments. Ideally, the transport to your new system will be the only item on the agenda. This is the perfect opportunity to save yourself a lot of effort while reducing long-term costs and safeguarding your other systems. It’s also something every SAP manager should take advantage of – especially if the transition is going to happen anyway. Why not cleanse your system of source code vulnerabilities and make sure you’re only taking active code with you?
5. Testing
When all your goals are defined, the adjustments are done, and every question has been answered, things are getting serious. This doesn’t mean you shouldn’t take the time to do some extensive testing, though. Doing so will enable you to minimize the challenges that can arise while going live and come up with corresponding solutions in advance. Having a plan B to fall back on can’t hurt, either. For added security, you can also create backups of your production systems. Whatever the situation, it’s a good idea to choose test systems that are about as large as one of your average production lines. This will increase the effort required, but the results of your testing will be commensurate with the actual situation you can expect. After all, when you buy a new car, you don’t often test-drive the toy version! This also gives you the chance to assess changes in system behavior and prepare employees for their new workflows.
6. Info, info, and more info
Before you finally begin with the actual transition, one last thing needs to be done in preparation: Get your employees on board and provide them with extensive information on your planned migration. This is about more than just telling them what they should do while the move is taking place; questions about what will happen before and after are just as important as the process itself. Is every employee aware of his or her responsibilities prior to the transition? What will change for each individual once it’s complete? A clean migration is a fine thing, and the costs of a subsequent dry run can delay your fresh start in the cloud. Employees may have been trained too late, for example, or they may not have the information they need on how their work environment will change with respect to different transaction codes, procedures, or user interfaces.
7. A diligent migration
Regardless of how much time and effort has already gone into your planning, the actual migration should still be conducted with care; after all, even the most meticulous preparation can’t always prevent challenges from arising during the process. Such issues will remain more than manageable thanks to your thorough planning and conscientious approach, however, giving you the freedom and flexibility to react to a changing situation.
SAP security and compliance: opportunities and risks in switching to the cloud
For some, it’s a source of headaches; for others, a long-sought savior: We’re talking, of course, about the move to SAP Cloud and the corresponding transition to an S/4HANA system landscape. The biggest change involved is surely SAP web access, which makes it possible to access an SAP system from just about anywhere. But what if someone’s login data does manage to fall into the wrong hands? Here, we need to talk about networks, as well: Cell phones, public hotspots, and private networks are often not adequately protected. A user who logs into SAP Cloud via a connection of this kind represents a significantly higher security risk. The protection afforded by a firewall and company-internal configurations no longer applies; new or expanded developer guidelines are thus needed to account for web access. This reflects the general rise in security and compliance requirements.
In many cases, moving to an S/4HANA system landscape also entails structural changes. Plenty of companies simply want to move their legacy data to this new environment in a legacy format if at all possible. This, however, would make about as much sense as running old software in compatibility mode instead of switching to the latest version. And let’s be honest: You use the automatic update feature on your smartphone, don’t you? Or have you deactivated it manually? Try to think of the transition to an entirely new system as an opportunity – then you can prepare for it just like you would before moving into a new home. What’s more, your company will be able to choose the underlying software architecture it wants. It’s almost like being able to design the room layout before your new house is built. Here, you can also save yourself a lot of work by getting rid of old, unused programming code rather than taking it along. We’ll be happy to put our experience and specialized personnel at your disposal. But wait, it gets even better: If you check your system for security flaws and eliminate them before making the move, you’ll be protected online from the very first day. Our SAST SUITE will also keep you secure for the long term while making audits one of your easiest tasks.
If you find yourself wondering which cloud services are right for your company, get in touch with us today: sast@akquinet.de. You can also check out the SAST SOLUTIONS website for more information on our portfolio.
You will also find a recording of this topic in our webinar archive. Simply request your access here.
Jonas Kelbert, Platform Security (SAST SOLUTIONS)
These articles may also be of interest to you:
SAP Security & Compliance: Challenges in the Context of S/4HANA, Code Security, and the Cloud