noun_Email_707352 noun_917542_cc Map point Play Untitled Retweet Group 3 Fill 1

SAP security on the public cloud – the same, but different?

The enterprise demand for transforming monolithic SAP infrastructures into agile public cloud infrastructures is finally on the rise in the Nordics.

Pete Nieminen / October 14, 2021

Our region is a bit late compared to the US, UK, and Central Europe, which means we could have missed out on some big benefits like competitive agility and savings.

Being a late bloomer, on the plus side, as a late starter, we have avoided the early adopter pitfalls, and the public cloud is now much more mature in terms of large-scale SAP implementations.

The public cloud has now become so good at providing business flexibility, scalability, and security around business-critical systems like SAP that can’t afford not to make the move to the public cloud. When I talk about the public cloud, I mean the hyperscalers like Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Currently, the large-enterprise SAP market is dominated by Azure, but time will tell how the battle plays out between the public cloud giants.

Security has been a hot topic in the ICT world since the late 90s. In modern cybersecurity, we have several standards, compliance models, and best practices. The world is full of security companies that are inventing better solutions to counter the ever-increasing threat of cybercrime.

So how does this relate to SAP on the public cloud? Traditionally, SAP has been sitting in the inner premises of enterprise infrastructure, protected by the strong physical security of datacenters and somewhat layered outer protection. The only SAP-specific protection has been security updates, which have not been applied consistently due to the complexity and business criticality of the SAP ecosystem. The cyberworld has changed during the last ten years. Attacks are extremely complex, combining long-lasting hidden application threats, physical access exploitation, and government-funded penetration toolkits.

Shared security responsibility – a new governance model for enterprises

Hyperscalers will take care of physical security, hyperscale infrastructure, and the hyperscale software layer better than any normal enterprise could ever afford to do or be able to do alone. This alone is a good enough reason to move SAP to the public cloud. Some time ago the rest of the shared model was considered the customer’s responsibility, but that has also changed. Previously, enterprises utilizing the public cloud relied on the support of their skilled and certified integration service providers and specialized cybersecurity companies; now, the hyperscalers offer a wide variety of cloud-dedicated tools to manage the rest of the security landscape. As a good example, Azure offers tools like Sentinel, Security Center, Information Protection, Identity Protection, and Microsoft Defender to protect business-critical application ecosystems, along with customer endpoints.

Despite the significant progress made by SAP on the public cloud during the last seven years, it is still in its infancy compared to SAP itself, which has been around since the 70s, and cybersecurity, which came to prominence in the 90s. The agile and constantly evolving cloud brings its own challenges to the equation.

TietoEVRY has released a whitepaper to help enterprises familiarize themselves with the topic and to give some security guidance for those who are planning or have already begun their SAP on the public cloud transformation.



Pete Nieminen
Head of SAP on Public Cloud

Pete Nieminen works as a Lead Advisor and Head of SAP on Public Cloud at Tietoevry, combining Cloud, Cybersecurity, and SAP together as one future-proof ecosystem for enterprise businesses. He has more than 20 years of experience in digital business development, technology solutions, and operating as a trusted advisor and CIO. During his career, he has been selected 11 times as TOP 100 ICT-influencer and he has published more than 100 magazine articles. Pete describes him as a businessperson with a deep passion for technology.

Share on Facebook Tweet Share on LinkedIn