Security and Data Privacy with SAP & Microsoft Embrace
Damien Johnson, Chief Architect
SAP America
2 © 2020 ASUG Confidential
Key Outcomes/Objectives
1. Learn more about the Embrace program
2. Hear about key aspects of Azure and security
3. Apply learnings to your SAP-Microsoft environment
Agenda
• Embrace Overview
• Security Concepts on Azure
• SAP on Azure and security
Cloud and SAP S/4HANA Transition Underway
Enterprises are migrating to cloud providers at an accelerated pace . . .
80% of enterprises will no longer use traditional data centers by 2025 [1]
68% of cloud services today are delivered by Hyperscalers [2]
. . . And SAP customers are on the move to SAP S/4HANA in the Cloud . . .
of SAP customers globally are planning on deploying SAP S/4HANA
say they will make the switch within three years
are going to deploy SAP S/4HANA to the cloud
73% / 54% / 72%
[3] IDC SAP Customers on the Move to SAP S/4HANA - 2019
Introducing The Embrace Initiative
A strategic alliance between SAP and Microsoft, to simplify and accelerate a customer’s journey to SAP S/4HANA on Microsoft Azure.
Simplify: Move with confidence to SAP S/4HANA on Microsoft Azure, leveraging a consistent approach that reduces complexity and mitigates risk.
Accelerate: Become an agile, efficient, digital enterprise on Microsoft Azure, with a cloud platform optimized for SAP solutions, leveraging shared industry-leading best practices and specialist expertise.
Innovate: Transform and evolve your business with continuous innovation from SAP and Microsoft to create new opportunities and drive growth.
The Embrace Initiative
OPTIMIZED PLATFORM
Deliver essential services of SAP’s Business Technology Platform on Azure
Enable development of integration & extension of SAP business applications
REFERENCE ARCHITECTURE
Jointly developed technical blueprints
Integrate SAP’s Business Technology Platform and Microsoft services to deliver business outcomes to customers
MARKET APPROVED JOURNEYS
Jointly created roadmap for SAP S/4HANA and other SAP solutions by industry
Leveraging specialist expertise and best practices
EMBRACE ENGAGEMENT AND SERVICES
A Catalyst and Actionable Plan
Bringing together customers, SAP, Microsoft, and System Integrators with a Services Plan for a successful move to the Intelligent Enterprise
Context for Market Approved Journeys
EXPERIENCE MATTERS: Customer Experience | Employee Experience | Product Experience | Brand Experience
Industry Strategic Priority # 1
Industry Strategic Priority # …
Industry Strategic Priority # n
LIFT: Enabling Data First Execution
RESHAPE: Enhancing Processes with Intelligence and Automation
CREATE: Creating Experiences with New Business Models
▪ Demand driven planning and fulfillment
▪ Smart label ready data governance
▪ Profitable revenue growth
▪ Actionable insights with Predictive Analytics
▪ Rapid M&A
▪ Prescriptive insights
▪ New revenue streams, including data, IP, services, bundling, insights
▪ Lights out finance
▪ Agile M&A (new / adjacent businesses)
▪ Modern commerce platform including B2B / self-service and direct to consumer (D2C)
▪ Engaging and consistent consumer grade User Experience
▪ Comprehensive consumer & operational insight
▪ Personalized consumer engagement & offers
▪ Trade spend optimization
▪ Optimized supply chain and demand management
▪ Perfect store order fulfillment and retail activity optimization
▪ Personalized consumer experience and outcomes at scale
▪ Integrated and dynamic trade & consumer marketing
▪ Agile & automated finance and continuous close
▪ Inventory optimization
▪ Agile, connected manufacturing with optimized asset utilization
▪ Omnichannel orchestration of consumer, integration and order fulfilment
▪ Complete visibility to extended demand and supply networks
▪ Maximize employee engagement (contingent and permanent)
Business Capabilities + Industry Reference Processes + Intelligent Enterprise Solutions
SAP Business Architecture on Microsoft Azure
SAP HANA Cloud
SaaS Applications
SAP Digital Manufacturing Cloud
SAP C/4HANA
Qualtrics
SAP Fieldglass
SAP Concur
SAP Ariba
OneDrive
Microsoft Office 365
Azure Data Lake
Azure IoT Hub
Azure IoT Edge
Azure ML Service
Azure Blockchain
Azure Database for PostgreSQL
Open Service Broker / API
Visual Studio
Azure VM, Azure Storage, Azure Virtual Network, Azure Active Directory
Business Technology Platform
SAP S/4HANA Cloud
SAP Integrated Business Planning
SAP SuccessFactors
Any-Premise Applications
SAP S/4HANA SAP BW/4HANA SAP HANA
Applications
GitHub
Platform Services
Analytics
SAP Cloud Platform Foundation
Logging | Authentication | Authorization | Destination | Custom Domain | Scheduler | …
SAP Analytics Cloud
SAP Data Warehouse Cloud
Database & Data Management
Data Intelligence
HANA DB
HANA Data Lake
Integration Suite Enterprise Extensions
Web Analytics
SAP CP Integration
API Management
OData Provisioning
Open Connectors
Leonardo IoT & Edge Services
…
Web IDE
Enterprise Messaging
Extension Factory
ABAP Environment
…
SAP Graph
Intelligent BPM
Workflow
Business Rules
Process Visibility
Inbox
Intelligent RPA
…
Digital Experience
Portal
Mobile Services
Fiori Cloud
UI5
Conversational AI
……
…
SaaS offerings
Joint Embrace Reference Architectures (http://sap.com/embrace-usescases)
Establish Security Workflow
Pattern: Streamline single sign-on and user provisioning between SAP and Microsoft applications
Example scenario: Simplify user identity lifecycle management between Azure Active Directory and SAP Cloud Platform Identity Authentication
SAP Cloud Platform capabilities: SAP Cloud Platform App Runtime, SAP Cloud Platform Identity Authentication, SAP Cloud Platform Connectivity
Microsoft Azure capabilities: Azure Portal, Azure Active Directory, Azure CLI
Simplify Process Integration
Pattern: Simplify delivery of SAP-to-SAP, SAP-to-Microsoft and SAP-to-3rd party business process integrations
Example scenario: Accelerate innovation using prebuilt process integrations and business APIs from SAP and Microsoft
SAP Cloud Platform capabilities: SAP Cloud Platform Integration, SAP Cloud Platform API Management, SAP Cloud Platform Open Connectors
Microsoft Azure capabilities: Microsoft Graph, Microsoft Office 365, Azure API Management, Azure Event Hubs, Azure Functions
Extend Business Processes
Pattern: Adapt and extend SAP S/4HANA business processes using SAP & Azure innovations
Example scenario: React on business events across SAP and Microsoft applications by leveraging CloudEvents CNCF standard
SAP Cloud Platform capabilities: SAP Business Application Studio, SAP Cloud Platform Enterprise Messaging, SAP Cloud Platform Extension Factory, Serverless & Kyma
Microsoft Azure capabilities: Azure App Services, Azure Kubernetes Services, Azure Event Grid, Azure Functions
Automate Workflows
Pattern: Implement live business processes in the cloud with real-time visibility and flexibility.
Example scenario: Optimize business processes, automate repetitive tasks, and seamlessly integrate SAP business workflows with Microsoft’s Power Automate
SAP Cloud Platform capabilities: SAP Cloud Platform API Management, SAP Cloud Platform Workflows, SAP Cloud Platform Business Rules, SAP Cloud Platform Process Visibility
Microsoft Azure capabilities: Microsoft Power Automate, Microsoft Graph, Microsoft Office 365
Deployment Architecture Options
Embrace Engagement Approach
STRATEGY – BUSINESS DRIVERS Why Move?/Business Narrative
TECHNICAL ARCHITECTURE & INFRASTRUCTURE On Premise SAP Landscape
BUSINESS CASE / VALUE
On Prem – Cloud – SAP S/4HANA
Phased Based on Road Map and Value
MIGRATION & MANAGED SERVICES Journey to Azure and SAP S/4HANA
Alignment Discovery Checkpoint Design & Solution Checkpoint Read Out
Accelerate your move to SAP S/4HANA and the Intelligent Enterprise with Microsoft Azure and SAP Cloud Platform
SAP Services for Embrace
Flexible Packages to Complement SIs & What Customers Need
• Technical architecture for hybrid cloud
• Platform design
• Integration
• Integration enablement and design
• Data management architecture and solution
• Advanced sizing
• Data volume management
• Software change management across clouds
• IT support framework for operations in a multicloud and hybrid-cloud landscape
• Review and design of support processes, tools, and organization
• System and solution management
• Business downtime optimization
• Integration validation
• Accelerated incident management
• Identity management
• Hyperscale computing strategy
• Integration strategy
• Security and compliance strategy
• User experience (UX) strategy
• Analytics strategy
• Safeguarding
Monitoring and daily operations
Transformation design and architecting
Cloud transformation strategy
Security is More than Protection
Azure Security – design and implementation
Source: Microsoft
Holistic View of Security & Controls
Source: Microsoft
Security & Privacy on Azure
https://docs.microsoft.com/en-us/security/
New Azure blueprint for CIS Benchmark
• Identity and Access Management (1.0)
• Security Center (2.0)
• Storage Accounts (3.0)
• Database Services (4.0)
• Logging and Monitoring (5.0)
• Networking (6.0)
• Virtual Machines (7.0)
• Other Security Considerations (8.0)
• AppService (9.0)
Security Management in Azure
Identity & Authentication Workflow – SAP & Microsoft
Securing Communications via PrivateLink [1]
Panel: Accessing Azure Services in SCP
Panel: Accessing SAP Systems running in Azure from SCP
Panel: Accessing SCP services in Customers’ Azure Subscription
[Diagram labels: Cloud Platform, Private IP, Private Link, PostgreSQL, Redis, Customer A, Customer B, Cloud Connector, Portal / FLP, Application Runtime, Serverless Runtime, SAP HANA Cloud, SAP Analytics Cloud, Logic Apps]
[1] Planned (Legal Disclaimer: This is the current state of planning and might be changed by SAP at any time without notice.)
SAP Security Management and Implementation has Evolved
https://www.sap.com/about/trust-center/security.html
Data & Information Lifecycle
Security Profiles / Access & Process Controls
Archiving & Information Lifecycle Management
SAP Enterprise Threat Detection
Log correlation and analysis
• Analyze a vast quantity of log data and correlate information to get a complete picture of landscape activities
• Perform forensic threat detection to discover previously unknown attack variants
• Customize the integration of non-SAP systems and infrastructure components
• Use an exclusive kernel API to send logs directly to SAP Enterprise Threat Detection to make manipulation more difficult
Automated threat detection and alerting
• Find SAP software-specific threats related to known attacks by using attack detection patterns
• Create attack detection patterns without the need to code
• Conduct attack investigations based on generated alerts and publish alerts to enable integration with external processes and solutions
• Include user pseudonymization and resolution with special authorization when evidence of an attack or misuse arises
Straightforward integration across SAP solutions
• Detect threats at the application server level and at the database level
• Integrate with SAP solutions across your entire IT landscape
SAP Data Custodian – Multi-Cloud Control
Protect your data in the cloud with SAP Data Custodian
Transparency / Audit Reporting
Create policies to monitor your data in terms of data access and data placement for your full cloud stack including infrastructure and applications layers. This includes accesses from the Cloud Provider side.
Contextual Application Control
Create contextual application control policies to help comply with your data protection regulations and business compliance needs. Create access policies based on user context including location, citizenship, department, employment type, etc.
Customer Controlled Encryption Keys
Get full control over your data encryption keys for SAP Applications with SAP Data Custodian Key Management Service. You manage the complete lifecycle of your data encryption keys.
Policy Templates
Make regulatory compliance (GDPR, CCSL CCRF, PCI and more) in the cloud easier with policy templates, data classification, and more
Data Localization
Create data residency control policies to restrict storage of all your data or a specific category of data in a particular country or a set of countries based on your data sovereignty requirements.
For more information, please visit: SAP.com/products/data-custodian.html
AWS is a registered trademark of Amazon.
SAP on Azure Links
SAP Community - Security
Managing Microsoft Azure Express Route
Optimizing SAP for Azure – Microsoft’s story
Running SAP Workloads On Azure (Incl. HANA)
Running SAP Apps On The Microsoft Platform
SAP HANA on Azure
Training on Azure
Azure for SAP workloads specialty certification
SAP Certified Offerings for Azure
Key Outcomes/Objectives
1. Learn more about the Embrace program
2. Hear about key aspects of Azure and security
3. Apply learnings to your SAP-Microsoft environment
Questions?
For questions after this session, contact us at [email protected]
Thank you.