Migrating SAP workloads from on-premise to the cloud is a complex task, and one with tangible rewards. Large enterprises such as BP, Liberty Mutual Insurance and Lockheed Martin have made the transition and realised the benefits, including improved cost efficiency and agility, and the chance to integrate emerging technologies. Yet while businesses understand the case for migration, concerns around security and compliance can hamper the move. When workloads are business-critical and sensitive data is involved, neither can be compromised.

Cloud fundamentals

In the cloud, security is a shared endeavour, where the cloud provider, SAP and the customer all have specific roles and responsibilities. The cloud provider takes on physical security, while it and SAP manage much of the infrastructure stack. Meanwhile, the customer takes responsibility for user security and access, both at the application and database levels. Excellent security revolves around all three having appropriate safeguards in place, and doing whatever work is necessary to protect applications and data.

The principles of securing SAP in the cloud aren’t that different from securing it on-premise. First, classify the data within your workloads, then define and apply appropriate security controls. From there, you can build a strong multi-layered security strategy, with access controls rooted firmly in identity. What changes is the need to place your data and your applications where they’ll meet all necessary compliance and data residency requirements, without impacting reliability or performance. This is where your cloud provider can help guide you.

The migration process is critical, as it’s where organisations can leave vulnerabilities open that hackers will exploit later. Here, Amazon Web Services provides tools such as the AWS Launch Wizard for SAP and Amazon Quick Starts for SAP. These make it easier to securely size and provision EC2 clusters for SAP workloads or deploy SAP landscapes with an architecture that follows AWS best practices. AWS also provides support, training and service credits through its SAP Migration Acceleration Program, including a tried and tested methodology you can use to automate common scenarios.

Ensuring security and compliance

Your choice of cloud partner also has an impact on compliance. With support for over 90 security standards and compliance certifications, AWS has been able to help organisations like the biotech company, Moderna, and the shipping-container giant, Seaco, build SAP environments with the isolation features and granular access controls needed to meet the most demanding regulatory requirements. It also helps that AWS has a specific partner competency dedicated to SAP, and that AWS is the only cloud vetted and accepted for top secret government and regulated industries use.

Post-migration, it’s crucial the cloud platform delivers the features to safeguard applications and data, plus automated tools to track and log user and API access. As with any on-premise SAP workload, vulnerability testing needs to work in concert with incident response simulations, to evaluate processes and refine them. Here, Amazon Inspector can provide automated security assessments to probe the security state of SAP instances at every level.

Hardware can also deliver layers of protection. Amazon’s EC2 M6i, R6i and X2i instances with SAP-optimised architecture based on 3rd Gen Intel® Xeon® Scalable processors offer Intel Total Memory Encryption to protect data while it’s being used, and Intel® AVX-512 to accelerate cryptographic processing. That enables businesses to use stronger encryption protocols without adversely affecting performance.

AWS has the tools, features and expert support to help enterprises navigate the complexities of SAP migration and develop a cloud-based infrastructure that supports their business needs – and meets their security requirements.
