Interview with Ralf Kempf: Secure transformation to SAP S/4HANA

SAST Blog: Interview with Ralf Kempf: Secure transformation to SAP S/4HANA Ralf Kempf, CTO SAST SOLUTIONS, and his team have already guided many enterprises through their migration to SAP S/4HANA. He talked about his recipes for success in an interview with Ulrich Parthier, publisher of it management magazine.

Excerpts from the interview are provided below.

Ulrich Parthier: The crucial question when it comes to changing over to SAP S/4HANA is how can you manage the transition? Should I start the implementation from scratch or can I migrate existing processes?

Ralf Kempf: The ideal method for a given enterprise is always an individual consideration. Does it make the most sense to trim all the accumulated “process fat” and start over in a greenfield approach? Or is your highest priority to minimize costs, so you choose a brownfield approach instead? And, of course, there is the middle ground: the selective data approach, which enables you to migrate good processes and redesign obsolete ones.

All of these approaches have one thing in common: all too often, we see that the persons responsible aren’t really aware of the challenges they face at the start of a project. This not only costs time later, but also frequently incurs significant additional costs.

Ulrich Parthier: The area of security is a real Sword of Damocles. How can a good strategy help you avoid security vulnerabilities in SAP S/4HANA?

Ralf Kempf: It’s a fact that nearly half of the enterprises that plan a migration to SAP S/4HANA neglect to safeguard the new systems. But ignoring security aspects can result in significant economic harm, despite the fact that a migration project also gives you the opportunity to take your SAP IT migration to a new level, with a cleanly designed, holistically planned security and compliance strategy for safeguarding the IT systems.

Ulrich Parthier: In your experience, what are other common mistakes made on migration projects to SAP S/4HANA?

Ralf Kempf: One frequent misconception is that Fiori – the new user interface with SAP apps – is a solution for nearly everything. But Fiori isn’t even comprehensive on SAP’s side yet; many processes aren’t supported. That’s why we recommend only using Fiori where it truly adds value and simplifies things.

Another mistake that we unfortunately encounter all too often are “legacy burdens” that are essentially migrated to the new system inadvertently – the source code is a specific example here. Instead of analyzing things beforehand to determine what they really need, they simply copy everything on a 1:1 basis. The consequence: All the vulnerabilities are transferred as well, along with source code that is no longer even used, yet still opens up popular back doors for cybercriminals. The costs of such negligence can reach the millions.

Damage like this is absolutely avoidable by devising an end-to-end strategy for SAP S/4HANA security from the start.

SAST Blog: Interview with Ralf Kempf: Secure transformation to SAP S/4HANA
Read the full interview online (in German) in the October 2020 issue of it management.

Also interesting for you:

SAP S/4HANA authorizations – it’s your choice: brownfield or greenfield

SAP S/4HANA: How to ensure a secure S/4HANA migration