Security is a fundamental component throughout the entire lifecycle of SAP products, including development, planning, and quality assurance. For SAP S/4HANA Cloud Public Edition, SAP manages infrastructure-level security such as network protection, operating system security, and patch management. Security responsibilities requiring business-specific decisions—such as user and authorization management—are handled by the customer. In certain cases, SAP provides secure default configurations, which customers can adjust to suit specific business or integration requirements. Overall, SAP covers key security domains at the platform level, while customers are responsible for application-level security and configuration.
We have now added new Security and Data Protection Guidelines within the SAP Activate for SAP S/4HANA Cloud Public Edition (3-system landscape) Roadmap.
As an introduction to the SAP Activate methodology: the SAP Activate Roadmap is a comprehensive, phase-based guide designed to support implementation, conversion, and upgrade projects by defining tasks, deliverables, responsibilities, and accelerators across six key phases: Discover, Prepare, Explore, Realize, Deploy, and Run. It provides methodology guidance, clear role and task allocation, and a rich set of accelerators such as templates and checklists to streamline activities like system provisioning, data migration, and cutover planning. Regularly updated to align with SAP’s quarterly cloud releases, the roadmap also offers specialized paths for system conversions and upgrades, and integrates with SAP Cloud ALM to enable real-time task management, progress tracking, and agile project execution, ensuring efficient and best-practice-driven project delivery.
Here is an overview of the topics and guidelines covered in each of the phases from a Security & Data Protection perspective.
Prepare:
These topics are critical to establishing a secure, compliant, and well-governed SAP S/4HANA Cloud environment.
Explore:
Define and confirm the implementation scope and configuration settings related to data protection and privacy, ensuring compliance with both general and industry-specific legal requirements. The workshop focuses on understanding SAP’s data protection concepts, identifying relevant project areas such as application design, extensibility, integration, testing, data management, and analytics, and determining where data protection measures must be applied. Key outcomes include clarifying responsibilities, reviewing system configurations, defining data retention policies, and ensuring transparency over personal data processing. The result is a comprehensive plan that outlines required actions for data protection experts and stakeholders to ensure secure and compliant system operations.
Plan and design the Identity and Access Management (IAM) framework for SAP S/4HANA Cloud, ensuring proper authorization and secure access to applications. This involves consolidating business requirements captured during fit-to-standard workshops, defining a clear authorization concept with naming conventions, specifying required workplaces, and mapping SAP applications and business catalogs to these workplaces. All technical IAM details must be collected, documented, and approved by the customer. The authorization concept should ensure data integrity, protect against misuse, and be transparent enough for third-party verification. The finalized IAM framework also supports test planning and execution.
Realize:
Set up integration with the corporate IdP, if needed, by configuring the SAP Cloud Identity Authentication service as a proxy. Configure password policies and multi-factor authentication (MFA) in your IdP (Identity Authentication service or corporate IdP).
This task involves creating, configuring, and testing custom business roles based on approved identity and access management requirements. It includes assigning business catalogs and restriction field values according to the Application-Workplace List, creating test users, and ensuring roles cover all necessary access through completeness and negative testing. Authorization testing is coordinated across business areas, with roles refined and validated based on feedback.
Deploy:
Run:
Maintain system security, compliance, and audit readiness through continuous activities defined in the Prepare phase. Key ongoing operations include regular log monitoring (covering business data changes, user and role changes, and security audits), periodic reviews of Identity and Access Management for business and communication users, and proactive certificate management to prevent expirations and manage trust lists. Additionally, configuration monitoring is performed to ensure system integrity, collectively supporting a secure and compliant SAP environment.
Use the tag Security-Data Protection-IAM to access Security, Data Protection and IAM content in the SAP Activate for SAP S/4HANA Cloud Public Edition (3-system landscape) Roadmap.
You can explore more SAP Activate resources in SAP Community using the tag #sapactivate. We also encourage you to consider following our sister communities SAP S/4HANA Cloud and SAP Cloud ALM. Let us know your thoughts in the comments to this blog post or via questions in the SAP Activate community.