Business & Technology

Fortinet Secures the Intelligent Enterprise Running SAP

By Daniel Schrader | October 28, 2020

SAP is among the world’s largest software companies, with some 92% of the Forbes Global 2000 using at least some of their enterprise application solutions. Most of these companies will deploy SAP S/4HANA in the cloud—either public or private. In fact, by 2027 some SAP customers will need to migrate to SAP S/4HANA as they have announced the end-of-life of older versions of their integrated application solutions (SAP Business Suite). Fortinet’s Dynamic Cloud Security offerings provide organizations the key security elements they require to help secure their SAP S/4HANA cloud deployments during this transition.

Securing SAP Environments With Fortinet’s Dynamic Cloud Security

Properly securing any enterprise application solution, such as Enterprise Resource Planning (ERP), is increasingly important for organizations. SAP Enterprise application solutions are a suite of integrated tools used to collect, store, manage, and interpret data from many business activities. For management teams, ERP is the key to understanding and managing their business. But for cybercriminals, ERP systems are an attractive target because ERP systems share data across every facet of the organization. 

Fortinet has been working with leading ERP vendors of enterprise application solutions to provide carefully engineered and well-tested architectures for securing such systems, both in and out of the cloud. For example, Fortinet has recently published Oracle validated security architectures for Oracle solutions. Fortinet’s Dynamic Cloud Security portfolio is designed to help SAP customers secure their workloads across environments. 

“Zuellig Pharma uses Fortinet’s Dynamic Cloud Security offerings to protect our SAP deployments across public and private cloud infrastructures,” shared Daniel Laverick, Head of SAP & IT Solutions at Zuellig Pharma. “Fortinet offers the broadest set of security offerings for securing workloads both on-premises and on any cloud. With Fortinet, we’ve gained unified visibility and control without hindering our ability to deliver seamless user experience to our customers worldwide.” 

Securely Transitioning to SAP S/4HANA

A few years ago, SAP announced end-of-support for older SAP solutions by 2025, including:

  • ERP 6.0
  • Customer Relationship Management 7.0
  • Supply Chain Management 7.0
  • Supplier Relationship Management 7.0 applications
  • Business Suite powered by SAP HANA

S/4HANA was specifically designed to run in a virtualized environment like the cloud. But not all clouds are the same. As a result, there are actually different versions of the software designed for public and private cloud deployments. In many cases, customers will opt for a hybrid model, where the majority of SAP systems run in the cloud while some dedicated production systems remain on-premises. This can add complexity in terms of security across these deployments. Fortunately, Fortinet solutions support both public and private clouds, ensuring security for hybrid, multi-cloud, and on-premises environments.

“Fortinet’s Dynamic Cloud Security portfolio—including FortiWeb and FortiCWP—enables our customers to confidently secure their SAP data and applications,” shared Thomas Grimm, CEO at AddOn AG – Germany. “Through Fortinet, SAP workloads are protected consistently across the application, network, and platform stack, addressing the expanded attack surface with a consistent offering.”

Christian Steden, Managing Director at Evonet said, “As a Fortinet partner, Evonet provides our customers Fortinet’s broad range of advanced security technologies to protect their SAP deployments. Fortinet’s offerings natively integrate with SAP, enabling automated, centralized management and visibility that reduces management overhead for our customers.”

Addressing the ERP Threat Landscape with Fortinet’s Dynamic Cloud Security

ERP systems can be a target for bad actors as they provide access to a vast range of business information systems, including financial data, production systems, development, employee data, and more. Some of these attacks could be aimed at well-known SAP apps such as Fiori—S/4HANA’s web interface, the new user experience (UX) for SAP software and applications. It provides access to a set of applications that are used in regular business functions, like work approvals, financial apps, calculation apps, and various self-service apps. For organizations looking to enhance the security for their SAP deployments, Fortinet’s Dynamic Cloud security offerings provide visibility and control across cloud infrastructures, ensuring secure connectivity from the data center to the cloud. 

Consider the following to enhance the security for SAP deployments:

  1. A web-application firewall (WAF) to block web attacks, such as code injection, cross-site scripting, or SQL injection. Because these attacks may be based on zero-day threats, the WAF should utilize machine learning to differentiate between normal and abnormal traffic and should utilize sandboxing and AI-driven threat feeds to detect new attack types. The WAF should also secure API interfaces using API calls. 
  2. Cloud-based network firewalls to secure network traffic—including internal segmentation to reduce the extent of trust domains. In a zero-trust environment, all traffic should be encrypted, however, doing so may introduce performance issues—so firewall performance will be a key attribute.
  3. An IPS (Intrusion Prevention System) to block attacks targeting system vulnerabilities.
  4. Data Loss Prevention tools to block sensitive or confidential information leakage.
  5. Cloud-native workload protection and/or CASB to monitor security policies, configuration, usage patterns, and compliance with security policies.

In addition to the above, endpoint protection, network access controls, central management, and centralized analytics should all be part of the security infrastructure if not already. In fact, the pillars of cybersecurity need to be brought into play—Security-Driven Networking for segmentation and securing data, Zero Trust Access (including endpoint security) to protect against identity theft-driven attacks, cloud security to secure data in the cloud and to identify misconfiguration and risk factors, and robust AI-Driven Security Operations to ensure timely threat feeds and remediation. Of course, all these should be woven into a broad, integrated, and automated cybersecurity platform, like the Fortinet Security Fabric, supported by a shared analytics and management plane.

Fortinet Can Help

Fortinet Dynamic Cloud Security Solutions can provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Fortinet recently published a white paper on securing SAP deployments detailing the tools and architecture approach for different scenarios. Learn more about how to enhance the security for your SAP S/4HANA deployment by downloading the paper.

Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud. 

Read these customer case studies to see how Hillsborough Community College and WeLab implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud. 

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.