SAP S/4 HANA is the biggest update to SAP’s ERP Solution since R/3. With SAP’s mainstream support for the ECC platform ending in 2025, it is not a matter of “if” your organization will transfer to the new system but when and how. S/4 HANA enables you to use your core ERP in combination with cloud-based third-party applications, allowing for a true digital enterprise.
However, with the convenience of widespread digitalization comes the acute realization of being prone to cyber attacks. ERP systems remain a tempting target given the crucial business data they house. According to a study from the Ponemon Institute, fifty-nine percent of the respondents believed that new technologies such as cloud, mobile, big data and the Internet of Things increase the risk to their SAP applications. Sixty percent of these security breaches were seen as originating in-house, making internal threats a top priority for IT professionals.
When your company does decide to migrate, the first order of business is to scrutinize the security measures as they relate to your company’s GRC strategy for risk management. This involves ensuring you have clearly defined segregation of duties (SoD) and efficient access controls in place. Using manual methods for extracting and analyzing this data can be cumbersome, time-consuming and rife with inconsistencies. ERP Maestro provides an automated SaaS solution that allows internal auditors and IT professionals alike to quickly assess security standards within the organization and provides real-time insights into the measures that need to be taken to ensure a successful, seamless migration. Here is a three-step risk assessment process that we recommend:
1. Understanding the possible security risks that could affect migration:
ERP Maestro’s Access Analyzer dashboard provides a one-glance overview of what your role-design looks like from a risk and maintainability standpoint and provides indicators of what it should be for a seamless S/4HANA migration.
2. Assess how you compare against industry standards:
ERP Maestro provides a comprehensive SoD baseline rulebook that is based on industry best practices. This rulebook is a good benchmark for identifying the gaps in existing access controls and fixing them before making the move to S/4 HANA.
3. Define users based on the User Conflict Matrix:
ERP Maestro's User Conflict Matrix provides insights into what functionalities and transactions are being used within the roles and/or by users today. If conflicts are discovered at this stage, it is imperative to resolve these before transferring the roles to S/4.
Despite its clear advantages, there has been a slow adoption of S/4 HANA due to the fear of business disruption and perceived security threats. However, by undertaking the security measures prescribed above, companies can mitigate disruption and alleviate security concerns. For more information on the S/4 HANA assessment approach, watch our webinar on Planning for HANA: Security Design Considerations with Britta Simms, Global SAP Competency Lead with IBM Security.
Read more about why IBM partnered with ERP Maestro to address SAP User Internal security threats.