Security for SAP RISE Solutions

More Coverage at Lower Costs than SAP RISE Security Solutions and Services

SAP RISE: A Shared Model of Responsibility for Security

In contrast to traditional on-premise SAP landscapes, the responsibilities for security in SAP RISE are shared between SAP and customers. SAP is responsible for security at the hyperscaler and network level, as well as databases and servers. Customers are responsible for securing the application and data layer.

[Figures: On-Premise SAP Solutions; SAP RISE Solutions]

Customers can purchase optional solutions and Cloud Application Services (CAS) that are not included as standard in RISE for additional support from SAP.

The Cybersecurity Extension for SAP cloud edition provides an alternative to Cloud Application Services and solutions from SAP. The extension is certified for SAP S/4HANA and available as a cloud subscription. It delivers more coverage at lower cost than the equivalent RISE services and solutions and provides a unified alternative to multiple SAP RISE offerings.

| Security Scenario | Standard RISE Service / Solution | Optional RISE Service / Solution | Cybersecurity Extension for SAP |
| --- | --- | --- | --- |
| Access Risk Analysis | No | Segregation of Duties Check | Yes |
| Vulnerability & Compliance Management | No | Application Security Monitoring | Yes |
| Custom Code Security | No | SAP Code Vulnerability Analyzer | Yes |
| Security Patching | No | Application Security Updates | Yes |
| Threat Detection & Response | No | SAP Enterprise Threat Detection Cloud Edition | Yes |
| Security Dashboard | No | SAP Analytics Cloud | Yes |

Access Risk Analysis

Customers are responsible for managing user permissions and ensuring that access to critical roles and authorizations is restricted and complies with the principle of Segregation of Duties (SoD). SAP offers an optional Cloud Application Service to detect critical access and SoD risks in customer S/4HANA systems using the SAP GRC ruleset. The Cybersecurity Extension for SAP also performs critical access and SoD checks for S/4HANA using a ruleset benchmarked against SAP GRC.

Vulnerability & Compliance Management

Customers are responsible for the secure configuration of applications in SAP RISE. SAP offers an additional Cloud Application Service not included in standard RISE services to perform security checks for ABAP and HANA systems using SAP Solution Manager. The Cybersecurity Extension for SAP performs more extensive security checks than the CAS and enables customers to detect compliance gaps with security frameworks. This includes compliance monitoring for security settings mandated by SAP Enterprise Cloud Services (ECS) for SAP RISE solutions.

Custom Code Security

Developing and maintaining secure custom applications is the responsibility of customers in SAP RISE. This includes custom developments adapted and migrated from SAP ECC to SAP S/4HANA. Customers can license SAP Code Vulnerability Analyzer (CVA) to detect vulnerabilities in custom ABAP programs. CVA is not included in standard RISE solutions. The Cybersecurity Extension for SAP includes a higher number of test cases than CVA and supports security scanning for custom SAPUI5 applications.

Security Patching

Customers are responsible for identifying, applying and testing application-specific security notes in SAP RISE. SAP offers an optional Cloud Application Service for implementing application-level security notes. However, this service excludes support for implementing notes with manual corrections and for testing security notes. The Cybersecurity Extension for SAP automates the discovery of security notes and supports lifecycle management for required patches.