Posted: 10 Sep. 2024 2 min Lukuaika

Safeguard your SAP S/4HANA environment — setting the scene

Cybersecurity and Privacy Matter in S/4HANA Projects

This blog is part of our Nordic blog series, ” Why cybersecurity and privacy matter in S/4HANA projects”. Explore other blog posts from this series here:
Part 1 - Setting the scene
Part 2 - Know your data
Part 3 - Ownership & governance
Part 4 - Access management & available tools
Part 5 - Security hardening, monitoring & available tools
____
What has happened?

It has already been five years since the GDPR entered into force in May 2018, and the work regarding privacy has evolved in terms of maturity and complexity. The interplay between legal requirements, technology and your organisation has become increasingly complex. 

We see that the regulatory landscape is evolving with the EU Digital Strategy that has more than 15 new laws and regulations in its scope for the next five years. The regulatory requirements are increasing in quantity, making it more difficult for businesses to be compliant with such rapid changes. As S/4HANA has artificial intelligence functionalities, requirements of the EU AI Act need to be built into the program. 

Business setups are also evolving to a point where they have become more complex than ever because of new business structures and hybrid workspaces. This results in businesses having to quickly adapt to fluid and dynamic ways of working, which only increases the difficulty of complying with a rapidly changing regulatory landscape. The fluid and dynamic ways of working also result in an increased need to focus on data flows as data flows now comes from several different systems within an organisation. Controlling the interfaces, integration, systems and the data flow is often a challenge.

Technology does not inevitably lead to success, it needs to be used correctly if it is to lead to success.

Parallel to the regulatory landscape, the technological landscape is also evolving rapidly. With technologies such as artificial intelligence and automation playing a larger role in organisations, some processes have been made simpler for the organisation while others have increased in complexity. It is important to note that technology does not inevitably lead to success, it needs to be used correctly if it is to lead to success.

How do we handle this?

With SAP, your organisation can adapt to these challenges and gain more control than ever. Through tech enabling SAP for data protection and security management, your organisation can master data, risk management, governance and more. By enabling features such as Access Control  in the entire SAP landscape over more than one SAP platform (for example, having access controls in not only SAP ERP but also in SuccessFactors), the organisation can work together in completely new ways, being more aligned than ever and with compliance being easier than ever before. 

What’s next?

Our new blog series will unveil crucial aspects that underpin a robust data protection and privacy framework in SAP S/4HANA environments — and this first blog post setting the scene. The following entries delve into the topic of data, and break down the important aspects of ownership, explaining the roles and responsibilities necessary to keep your SAP environment secure and compliant. The fourth blog post will talk about the complex landscape of access management, listing the tools available for enhancing your data protection, and the final post will navigate through the security hardening and monitoring of the SAP landscape.

Safeguarding your data is not just a task, it is also a responsibility. Dedicating resources to privacy underscores a strategic commitment, not just to technological investments but also to safeguarding the trust of your organisation’s stakeholders. By understanding the nuances of access management, security hardening and ownership roles, you are better equipped to fortify your SAP fortress against potential threats. 

___
Authors:

Daniel Tvangsoe

Get in touch with our team

Reach out to your local S/4HANA & cybersecurity contact:

Finland & Denmark

Jouni Viljanen

Jouni Viljanen

Operational Risk Leader

Jouni toimii Deloitte Suomen operatiivisten riskienhallinnan palveluiden johtajana. Hänen erityisosaamistaan on teknologian ja analytiikan hyödyntäminen organisaatioiden riskienhallinnassa ja sisäisessä valvonnassa. Hänellä on myös pitkä kokemus IT-riskienhallinnasta sekä IT-kontrolliympäristöjen ja tietoturvan auditoinneista osana sisäisiä ja ulkoisia tarkastuksia. Briefly in English: Jouni is working as partner in Operational Risk services at Deloitte Finland. His special expertise is to leverage modern technology and analytics in Risk Management and Internal Controls. He has long experience in risk management and leading the audits of IT controls and IT security as a part of external and internal audits.

Anh Nguyen

Anh Nguyen

Partner

Anh is part of the technology enabled GRC team focusing on business driven transformations from an Internal Controls and Compliance perspective. He has extensive experience designing and optimizing Risk Management processes and frameworks including managing business impact and change management Anh is specialized in technology enabled optimization incorporating innovation in transformation projects, turning risks into competitive advantage.

Norway & Sweden

Erling Pettersen Hessvik

Erling Pettersen Hessvik

Partner

Erling er partner i Risk Advisory og hjelper våre klienter med å håndtere teknologirisiko og cybersikkerhet.

Peter Ostlund

Peter Ostlund

Partner

Peter Östlund is a Partner within Risk Advisory. He is responsible for our IT Risk and Assurance services. He has many years of experience from working with IT and Cyber Risks, Information security, IT audit and third party assurance reports. Peter holds a master´s degree in Computer Science and a bachelor´s degree in Business administration from Uppsala University, Sweden.