The security risks of increased mobility with SAP S/4 HANA

The introduction of S/4 HANA is a major game-changer for SAP, as it offers a solution that’s designed to meet the challenges and requirements of the digital economy. And as 2025 marks the deadline to switch from SAP ECC to S/4 HANA, it’s no surprise that large numbers of SAP customers are now preparing to migrate.

One of the biggest but often overlooked considerations within moving to the S/4 platform is the issue of security. This is largely due to the introduction of SAP Fiori – a key aspect of S/4, which emphasises the role of mobile. Fiori increases the accessibility of the suite to people across your organisation, wherever they are based - as users can access the platform through the Cloud on any connected device. Fiori also offers a more user-friendly layout, which is easier for non-technical people to use and enables faster access to relevant information.

The result will be greater productivity and efficiency - as all users will have better and more flexible access to relevant systems and information, wherever they are. Yet this improved mobility also has its drawbacks when it comes to security, as it opens up many potential routes into core business systems and data.

These are the main security challenges presented by SAP Fiori:

• Increased mobility means that data can now be transferred over a 4G signal, which is not as secure and is easier to hack into
• If a device falls into the wrong hands, due to theft or loss, that person could then gain access to your system
• Access is possible from public Wi-Fi networks, which are more easily intruded upon
• End-user devices might not be patched or properly secure – potentially leaving your whole system open to bugs and cyber attacks via a compromised device

But these security concerns, if they are addressed properly and comprehensively, can be mitigated. Using good design, preparation and practice will allow you to effectively manage and secure both your network and devices.

Here are five ways to negate the security risks associated with S/4 HANA and keep your systems safe:

• Set up an external gateway. This is a gateway that resides outside your own network and requires users to log in using a set protocol. This adds an additional layer of security to the login process that protects your network.
• Ensure encryption is enabled. Encrypting your files and making them unreadable without the correct encryption key significantly enhances security. Even if someone does manage to gain access to your files, they won’t be able to do anything with them. Enabling end-to-end encryption ensures that communications between SAP and your users cannot be intercepted, even if they are using public Wi-Fi hotspots.
• Introduce certification protocols. You can secure your system, and keep unauthorised users out, by introducing certification protocols, so that each user has to be certified before accessing your system.
• Develop strong and effective mobile device management. Controlling device access to company networks and data keeps you on top of who is doing what with which devices, so you can feel confident that mobile users are working within company policies. So, you must have a robust approach to the management of mobile devices, which will ensure you know where devices are and being kept up-to-date and patched. You should also monitor usage to make sure that password standards, and other configurations, are being enforced.
• Improve intrusion detection and prevention through network traffic monitoring. You should monitor and analyse traffic across your network by automatically monitoring usage and searching for any suspicious patterns. This protects your system from network-based threats. If and when threats are discovered, the system can take necessary actions to keep you safe - such as by notifying administrators, or immediately barring the source IP address from accessing the network.

In summary:

The introduction of S/4 HANA offers an incredible opportunity. Thanks to the ground-breaking introduction of Fiori, it dramatically modernises the user experience and speeds up planning, execution and collaboration.

However, the potential security risks that come with the new platform cannot be ignored. Which makes it a careful balancing act. Overly restrictive controls would be counter-productive to the huge benefits offered by S/4 and Fiori. They would take away the increased mobility offered by the platform and potentially harm your business case.

So, it requires a collaborative approach with your security experts working closely with the wider transformation team. This will help to ensure risks are addressed before, during and after the migration process - ensuring systems, data and devices are secure, while users can work more productively.

Find out how you can drive intelligent automation across finance with our Robotic GRC webinar series, ran in conjunction with SAP. To watch this series now just click on the image below. Alternatively, see how Turnkey’s SAP security support can help your business.