Security for SAP RISE Solutions
More Coverage at Lower Costs than SAP RISE Security Solutions and Services
SAP RISE: A Shared Model of Responsibility for Security
In contrast to traditional on-premises SAP landscapes, the responsibilities for security in SAP RISE are shared between SAP and customers. SAP is responsible for security at the hyperscaler and network level, as well as databases and servers. Customers are responsible for securing the application and data layer.
For additional support from SAP, customers can purchase optional solutions and Cloud Application Services (CAS) that are not included as standard in RISE.
The Cybersecurity Extension for SAP provides an alternative to Cloud Application Services and solutions from SAP. The extension is certified for SAP S/4HANA and available as a cloud subscription. It delivers more coverage at lower cost than the equivalent RISE services and solutions and provides a unified alternative to multiple SAP RISE offerings.
SECURITY SCENARIO | STANDARD RISE SERVICE / SOLUTION | OPTIONAL RISE SERVICE / SOLUTION
Access Risk Analysis | Segregation of Duties Check
Vulnerability & Compliance Management | Application Security Monitoring
Custom Code Security | SAP Code Vulnerability Analyzer
Security Patching | Application Security Updates
Threat Detection & Response | SAP Enterprise Threat Detection Cloud Edition
Security Dashboard | SAP Analytics Cloud
Access Risk Analysis
Customers are responsible for managing user permissions and ensuring that access to critical roles and authorizations is restricted and compliant with the principle of Segregation of Duties (SoD). SAP offers an optional Cloud Application Service to detect critical access and SoD risks in customer S/4HANA systems using the SAP GRC ruleset. The Cybersecurity Extension for SAP also performs critical access and SoD checks for S/4HANA using a ruleset benchmarked against SAP GRC.
Vulnerability & Compliance Management
Customers are responsible for the secure configuration of applications in SAP RISE. SAP offers an additional Cloud Application Service not included in standard RISE services to perform security checks for ABAP and HANA systems using SAP Solution Manager. The Cybersecurity Extension for SAP performs more extensive security checks than the CAS and enables customers to detect compliance gaps with security frameworks. This includes compliance monitoring for security settings mandated by SAP Enterprise Cloud Services (ECS) for SAP RISE solutions.
Custom Code Security
Developing and maintaining secure custom applications is the responsibility of customers in SAP RISE. This includes custom developments adapted and migrated from SAP ECC to SAP S/4HANA. Customers can license SAP Code Vulnerability Analyzer (CVA) to detect vulnerabilities in custom ABAP programs. CVA is not included in standard RISE solutions. The Cybersecurity Extension for SAP includes a higher number of test cases than CVA and supports security scanning for custom SAPUI5 applications.