Five considerations and benefits when implementing SAP on Microsoft Cloud



  • SAP migration to the cloud can be a transformative tech initiative, but it’s essential to secure it.
  • Designing an effective cloud cybersecurity framework that defends against cyber risks and secures digital assets requires vision, experience and technical expertise.
  • Working together, Microsoft and PwC can develop SAP security advice, assessments and implementations specific to industry needs.

Is bigger better? Apparently, threat actors think so.

When organizations begin using SAP S/4HANA® for enterprise resource planning (ERP), cybercriminals notice — and get ready to make their move. They know that this solution, like other enterprise solutions, manages so much valuable data in so many places throughout the enterprise that they have a good chance of slipping in unnoticed.

As with any enterprise-wide system, a single vulnerability in your SAP S/4HANA configuration is all bad actors need to gain a toehold. Once inside, they’ve got access to the full trove of critical and valuable data as well as your entire network and all your systems. This is especially true in the cloud.

That’s because SAP S/4HANA runs core processes throughout your business functions using mass quantities of data to keep companies running.

To secure a large SAP S/4HANA cloud deployment, you’ll need to balance cybersecurity integration, software customization and systems configuration.

Installed properly, SAP S/4HANA can be a vehicle for digital transformation. But to put it to work safely and securely, you’ll need to be vigilant against would-be intruders — which means you’ll need to know what to look for and where.

Five SAP security considerations for the cloud-curious

  1. Cloud security expertise is essential. To implement SAP on Microsoft Cloud, you’ll need proficiency in cloud-specific controls to:
    • Adopt modern architectures and use agile processes
    • Deploy in a variety of environments, including hybrid
    • Integrate your security tools with your SAP solution using cloud-based connectors and application programming interfaces (APIs)
  2. Security domains demand specialized knowledge. To understand cloud security, you need knowledge in specific areas or domains, such as network management and data security. Each area may have overlapping security dependencies.

    Network-management decisions, for example, might interfere with data-security controls. That’s why you need to really understand domains to securely deploy SAP on the cloud.
  3. Security is a shared responsibility. Cloud service providers (CSPs) provide security of the cloud — of the infrastructure and hardware. You, the user, must provide security in the cloud, of your data and identities, endpoints, devices and access, while staying compliant with regulations. Before you start, make sure you fully understand your security responsibilities.
  4. Flexibility is a must. Migrating from on-premises to the cloud is a never-ending project. You’ll add security applications over time, making the job of managing and maintaining software ever more complex. Portfolio rationalization streamlines the task by helping reduce the number of security apps you use.
  5. Business and security strategies work better together. Collaboration is key between the business side and the cyber side — it’s the only way to truly instill a cybersecurity culture and keep the company safe. Enterprises with executives who take an active role in cyber initiatives are not only more secure, but also more successful.

    Our 2023 Global Digital Trust Insights survey found that businesses whose cybersecurity had improved in the past year tended to have a C-suite whose members worked together on cyber and privacy.
    • CEOs of these companies were three times more likely than others to say that their CISOs are delivering exceptional results for outcomes such as rapid threat response and anticipating future cyber risks. Nearly 8% said the CISO is doing so in every area.
    • CROs/COOs were twice as likely to rate as “exceptional” their cyber and privacy programs. More than 5% said this regarding every outcome we presented.
    • CMOs/CDOs/CPOs were 2.5 times more likely to agree that their cyber and privacy programs are valuable to the organization. The greatest benefit: helping to nurture consumer trust.

Five powerful security benefits of Microsoft Cloud

  1. Flexible framework: Designing an effective cloud cybersecurity framework that defends against cyber risks and secures digital assets requires vision, experience and technical expertise. That’s a set of skills that many businesses lack.

    PwC’s custom framework helps secure your data in eight security domains and strengthen the infrastructure for your applications and services. We implement this basic model and then work with you to tailor the framework to meet your specific needs.
  2. Instant-on security: Deploying a broad range of security components in Microsoft Cloud is as simple as “switching on” capabilities, with minimal deployment required.

    These tools have built-in standard security settings and policies that are available almost immediately to help you rapidly bring to market secure products and services.
  3. Powerful out-of-the-box security: Safeguarding systems and data often requires out-of-the-box cybersecurity tools for all layers, including infrastructure, network, devices and data. Flexible Microsoft solutions include: 
    • Identity and access management: Manage the access life cycle, perform access reviews, manage roles, configure single sign-on (SSO) and multi-factor authentication (MFA), and protect sensitive credentials. Core tools: Azure AD, Intune, Microsoft Cloud App Security (MCAS) and Key Vault.
    • Data protection: Safeguard sensitive data and policy documentation, and define and enforce enterprise-wide classification standards. Core tool: Azure Information Protection (AIP).
    • Threat management: Identify and prioritize risks and vulnerabilities, manage security incidents, and integrate logging with security information and event management (SIEM). Core tool: Microsoft Sentinel.
    • DevOps and cloud security: Develop, review, and promote code and configuration, and secure external cloud environments. Core tool: Azure Application Services.
    • Network security: Protect customer access to external portals and platforms within your organization’s perimeter. Core tools: Azure Firewall, Azure Web Application Firewall and Azure App Gateway.
  4. Next-gen threat detection: Automation of threat management is critical to effective security.

    Microsoft Sentinel, the first cloud-native SIEM offered by a major cloud vendor, helps you rapidly integrate on-premises and cloud workloads into its monitoring, detection and response workflows. 

    Microsoft’s Sentinel connector for SAP has built-in use cases to help enhance threat monitoring in SAP. Use cases are continually updated to incorporate the latest SAP-specific threat intelligence.
  5. Up-to-the-minute security intel: Working together, Microsoft and PwC develop SAP security advice, assessments and implementations specific to every client’s industry.

Be cyber-ready for tomorrow

See how PwC and Microsoft can fast-track securing SAP on Microsoft Cloud


Mickey Roach

Partner, Dallas, PwC United States


Nitin Lalit

Director, Cybersecurity & Privacy, PwC United States

