S/4HANA is SAP’s next-generation Enterprise Resource Planning (ERP) Suite. Organizations planning to implement this real-time digital core to their business need to choose between a migration (brownfield) or start a new (greenfield).

Moving to SAP’s latest ERP is not like any other enterprise software upgrade with a new database technology, a new user experience, and redesigned business processes, adopting S/4HANA is a system conversion.

Organizations need to evaluate their current landscape, technical prerequisites, target software versions and business case in order to select the right migration path: brownfield, greenfield, or a phased approach

S/4 HANA Migration Path

Whatever the migration path customers choose for their organization, Mindfore’s SAP Certified Security professionals helps customer in making the key security design decisions, security design/ re-design considering new S/4 HANA objects Fiori applications, CDS views, and updating the GRC ruleset

SAP S/4 HANA Security and GRC

Key Design Decisions

  • One of the key design decisions when choosing to migrate to S/4 HANA, is whether to keep the existing role design and incorporate the necessary Fiori content or start again – thereby creating a new set of roles. Whichever path is chosen, there will be a unique set of advantages and disadvantages to be considered.
  • Keeping the existing role design may be advantageous if a lot of effort has been invested in ensuring roles are audit compliant and risk free. However, this will require obsolete transactions to be identified and replaced and extensive analysis to be performed to map in the service authorizations required to use Fiori.
  • Start from scratch means Fiori Catalogs can be used to pull through the authorizations required for each app to work. This will save effort, but will require familiarity with the Fiori Launchpad designer to customize Catalogs – and the new roles will need to be reassessed to ensure that they are free of Segregation of Duties risks.

Security Risks in SAP S/4HANA

  • This complexity in architecture has yielded several benefits as well as opened new areas of risk and vulnerabilities within the overall architecture of SAP S/4HANA. Besides the new user interface in S/4HANA using SAP Fiori, SAP S/4HANA uses a simplified data model with new table structures in order to simplify the transaction data structures in the database.
  • There are several new transaction codes being introduced, new authorization objects added to create a new enhanced S/4HANA security design. As a result of new functionalities, many transaction codes in SAP ECC are no longer available in SAP as the previous Suite on HANA functions.