Today enterprises are turning to new business models to avoid disruption, to gain efficiencies, to drive innovation, and to transform mission-critical systems without business risk. SAP offers RISE with SAP to enable companies in all industries to reach these goals. SAP for Rise includes Cloud ERP for every business need, industry best practices and extensibility, analytics and business process intelligence, and outcome-driven services from SAP and partners.
With RISE, customers can take the lead with industry innovation for top-line, bottom-line, and green-line growth. Rise enables customers to constantly improve with real-time insights, allowing them to continuously optimize processes. Rise includes embedded cybersecurity and automated data protection to help to protect SAP applications and data.
But are these security features and functions sufficient? Let’s look at this more in detail.
RISE with SAP offers customers a friction-free, easy to deploy & use solution to run SAP in the cloud. This provides many advantages as discussed in the previous section. But when it comes to secure the critical business assets, visibility and knowledge is a key to success.
This is where it gets tricky when using RISE with SAP. On one hand, the customer isn’t responsible for the application’s security as this is provided by SAP. On the other hand, SAP has no way of identifying if the traffic accessing the applications is legitimate. It is up to the customer to not only ensure that identify management is in place, but that the traffic itself is screened for exploits that might compromise the system.
From a customer perspective, RISE with SAP is a black box where traffic is going in and out and SAP takes care of the security and the availability of the SAP Environments. However, as stated, the communication to and from the RISE with SAP Environment is up to the customer to secure, this brings some possible challenges:
Fortinet has focused on 5 key use-cases for securing SAP deployments. These use cases are suggestions – a place to start thinking about SAP security. They include:
This use case focuses on network security for SAP. It relies primarily on utilizing the SAP Connector and SAP traffic awareness of the Fortinet FortiGate NGFW to provide secure access to and from SAP servers (N/S traffic) as well as to create security zones to prevent breach transversal (E/W). FortiGate’s can also enforce zero trust policies, provide IPS and virtual patching and anchor a secure SD-WAN.
SAP application servers, whether on-premises or in the cloud, must be both assured and secured. This use-case relies on Fortinet’s web application firewall (WAF) – FortiWeb as well as on Fortinet’s secure application delivery controller to ensure the security and performance of your SAP solutions.
Zero trust is the concept that trust between people and application access must be earned – and re-earned with every access attempt. The idea is simple, no one inside or outside the network should be trusted unless their devices have been vetted and their identification and their devices have been thoroughly checked. This verification applies whether or not the device or user is already within the network perimeter.
Fortinet’s zero-trust solutions rely on either FortiGate or FortiADC as enforcement gateways and is included at no added cost.
A security operations center (SOC) is a command center for monitoring each element of your SAP infrastructure, identifying existing and potential threats, and preventing future threats. FortiSOAR extends the Fortinet Security Fabric into your SOC, providing security orchestration, automation and response (SOAR) as well innovative case management, automation, and orchestration. FortiSOAR integrates with SAP Enterprise Threat Detector (ENT) to provide automated interactions by the SAP ETD server using FortiSOAR™ playbooks.
Finally, the usage of SD-WAN allows the remote sites to connect more easily to networks, data centers, and/or multiple-clouds with lower latency, better performance, and more reliable connectivity.
With the addition of FortiClient on users’ devices, the same architecture can enforce zero trust policies
In addition to these basic security enhancements, customers will see the following benefits when adding Fortinet solutions to the RISE with SAP security framework:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.