The security of an SAP landscape is only as strong as its weakest link. In the context of RISE with SAP, this means that a robust security level can be achieved only when SAP, the hyperscaler, and the customer each clearly assume their respective responsibilities.
Shared Responsibility in RISE
Many organizations mistakenly assume that SAP takes full responsibility for security under RISE. While SAP does relieve operational burden, a significant part of security remains with the customer, including:
- Network security: Firewalls, VPNs, and subnets in the hyperscaler environment.
- Secure SAP code: Validation of custom developments using ATC, ABAP Code Inspector, or third-party tools.
- Security monitoring & forensics: Audit logs, SIEM integration, anomaly detection.
- System hardening: SNC, TLS, parameter configuration, RFC security.
- User & identity management: Role design, SoD checks, integration with SAP GRC or Azure AD.
- SAP Security Notes: SAP applies only critical notes automatically; all others require customer implementation.
Closing the Gaps
To address these potential security gaps, organizations can:
- Extend SAP services via Cloud Application Services.
- Engage AMS providers for monitoring, patching, and security assessments.
- Build internal teams with specialized expertise.
From Trust to Continuous Validation
Even with clearly defined contracts, the key question remains: How can I ensure my system is truly secure? Experience shows that without continuous validation, risks arise – such as incorrectly applied notes, insecure RFCs, or excessive authorizations.
Advisory from the Public Cloud Group
The Public Cloud Group (PCG) helps organizations address security risks in a structured way. As part of our RISE Assessment, we explicitly analyze security responsibilities, identify gaps, and design a robust security strategy – covering governance, monitoring, and concrete technical measures.
Conclusion
RISE with SAP simplifies operations but does not replace a comprehensive security strategy. Only through clearly defined responsibilities, continuous monitoring, and expert guidance from partners like Public Cloud Group does RISE become a secure foundation for digital transformation.