Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
6 March 2024

How to empower your teams with a security-first S/4HANA migration

It won’t be long until the extended 2027 deadline for S/4HANA migration arrives, and it already feels like it’s starting to approach very quickly. Many organisations are therefore planning their migration already, in order to minimise the risk of any costly delays or disruption along the way. 

We’re finding that many systems integrators are downplaying the process as a ‘brownfield migration’: that is to say, a simple ‘lift and shift’ that’s designed to be as hassle-free as possible. However, the S/4HANA migration could - and should - be so much more than that, especially from a security perspective. 


Why not a brownfield migration? 

Anyone who has used SAP for any length of time will know that it’s a constantly evolving platform, and that this is especially the case in a world where workforces are increasingly remote, global and hybrid. Because of this, the old approach to access provisioning is no longer fit for purpose, as data and users are spread across multiple different systems and locations.  

So, a new approach to controls is required instead, and the switch to S/4HANA therefore needs to be taken very seriously. Only by taking the opportunity to thoughtfully redesign your controls can you realise all the benefits available, and ensure that systems, processes, and your wider business continue to run as smoothly as they do at present. 

Security has a big part to play in this, and should be considered an enabler rather than a blocker. For example, effective role design enables people to do their jobs and seamlessly maximise their productivity, while also managing risk to an appropriate level. The standard templated roles in S/4 aren’t sufficient for this purpose, and migrating roles over from ECC isn’t advised as they’re not compatible with Fiori, S/4’s improved user interface. 

So, if you don’t revise your roles and authorisations within your S/4 environment, the value of your migration will be limited, and you’ll also be exposed to SoD risks if you stick with the templated S/4 roles. 



Empowering employees with a security-first S/4HANA migration

It might take a bit of a change in philosophy, but it really is possible to think of security in a positive, enabling light rather than a protective and defensive one. With the right controls, roles, and authorisations in place, employees can have the confidence to use the systems and data they need to do their jobs, wherever and whenever they’re working. 

When employees are happy with the controls that are in place, they don’t feel the need to try and bypass them inadvertently, and don’t have the capacity to try and do so maliciously. It also simultaneously reduces the risk of a security incident happening, as technologies like single sign-on help strike the right balance between accessibility and access control. 

Perhaps the best way to think of risk and security controls is to liken them to the tyres on a car. With the right levels of grip, and tyres in good condition, you’ll stay on the road and won’t keep having to stop for repairs and replacements. Right-sized controls are the same: helping an organisation continue to move forward quickly, without the risk of sliding off course, or being slowed down by restrictive performance. 


In summary

The key advice we can give you around the S/4HANA migration is that this is your chance to turn security into a force for good by not repeating the sins of the past. Starting off on the front foot, with security as a business enabler, gives you the best opportunity to unlock business potential and empower your teams. And with those right-sized controls in place, you can monitor and reinforce your security; furthermore, you can build confidence that however your business operates, it’s doing so in a secure and compliant way that doesn’t compromise productivity. 


Find out more about enabling business success with a security-first S/4HANA migration in our upcoming live webinar. Take a closer look and sign up today.