Today Fortinet is proud to announce our enhanced support for securing SAP S/4HANA – SAP’s flagship ERP application.
Fortinet offers unprecedented security and visibility for organizations seeking to secure SAP S/4HANA. Fortinet’s support for SAP includes network security for secure access, segmentation and intrusion protection, workload protection to analyze users, policies, and traffic in the cloud, and application protection to protect the SAP S/4HANA application from attack including API protection. Fortinet also offers two-factor authentication tools, device, and access control to help ensure that only approved users and devices are allowed to connect, and endpoint security and remediation. All Fabric components receive actionable threat intelligence updates via FortiGuard Labs.
SAP S/4HANA, along with Oracle ERP are the dominant solutions of their type, are being used by nearly all of the Fortune 1000 organizations. Only Fortinet has announced solutions designed and tested to secure these key applications. Deployment guides and reference architectures are available. Security for SAP S/4HANA is particularly timely as SAP is ending support for older SAP apps. All of SAPs vast installed base will need to migrate to SAP S/4HANA by 2027 – and most of those deployments will be cloud-based. Fortinet can help ensure that those deployments are both safe and secure.
Fortinet has been working with leading ERP vendors to provide carefully engineered and well-tested architectures for securing such systems, both in and out of the cloud. For example, Fortinet has recently published Oracle validated security architectures for Oracle solutions. Fortinet’s Dynamic Cloud Security portfolio is designed to help SAP customers secure their workloads across environments.
“Zuellig Pharma uses Fortinet’s Dynamic Cloud Security offerings to protect our SAP deployments across public and private cloud infrastructures,” shared Daniel Laverick, Head of SAP & IT Solutions at Zuellig Pharma. “Fortinet offers the broadest set of security offerings for securing workloads both on-premises and on any cloud. With Fortinet, we’ve gained unified visibility and control without hindering our ability to deliver seamless user experience to our customers worldwide.”
Securely Transitioning to SAP S/4HANA
A few years ago, SAP announced end-of-support for older SAP solutions by 2025, including:
- ERP 6.0
- Customer Relationship Management 7.0
- Supply Chain Management 7.0
- Supplier Relationship Management 7.0 applications
- Business Suite powered by SAP HANA
S/4HANA was specifically designed to run in a virtualized environment like the cloud. But not all clouds are the same. As a result, there are actually different versions of the software designed for public and private cloud deployments. In many cases, customers will opt for a hybrid model, where the majority of SAP systems run in the cloud while some dedicated production systems remain on-premises. This can add complexity in terms of security across these deployments. Fortunately, Fortinet solutions support both public and private clouds, ensuring security for hybrid, multi-cloud, and on-premises environments.
“Fortinet’s Dynamic Cloud Security portfolio—including FortiWeb and FortiCWP—enables our customers to confidently secure their SAP data and applications,” shared Thomas Grimm, CEO at AddOn AG – Germany. “Through Fortinet, SAP workloads are protected consistently across the application, network, and platform stack, addressing the expanded attack surface with a consistent offering.”
Christian Steden, Managing Director at Evonet said, “As a Fortinet partner, Evonet provides our customers Fortinet’s broad range of advanced security technologies to protect their SAP deployments. Fortinet’s offerings natively integrate with SAP, enabling automated, centralized management and visibility that reduces management overhead for our customers.”
Addressing the ERP Threat Landscape with Fortinet’s Dynamic Cloud Security
ERP systems can be a target for bad actors as they provide access to a vast range of business information systems, including financial data, production systems, development, employee data, and more. Some of these attacks could be aimed at well-known SAP apps such as Fiori—S/4HANA’s web interface, the new user experience (UX) for SAP software and applications. It provides access to a set of applications that are used in regular business functions, like work approvals, financial apps, calculation apps, and various self-service apps. For organizations looking to enhance the security for their SAP deployments, Fortinet’s Dynamic Cloud security offerings provide visibility and control across cloud infrastructures, ensuring secure connectivity from the data center to the cloud.
Consider the following to enhance the security for SAP deployments:
- A web-application firewall (WAF) to block web attacks, such as code injection, cross-site scripting, or SQL injection. Because these attacks may be based on zero-day threats, the WAF should utilize machine learning to differentiate between normal and abnormal traffic and should utilize sandboxing and AI-driven threat feeds to detect new attack types. The WAF should also secure API interfaces using API calls.
- Cloud-based network firewalls to secure network traffic—including internal segmentation to reduce the extent of trust domains. In a zero-trust environment, all traffic should be encrypted, however, doing so may introduce performance issues—so firewall performance will be a key attribute.
- An IPS (Intrusion Prevention System) to block attacks targeting system vulnerabilities.
- Data Loss Prevention tools to block sensitive or confidential information leakage.
- Cloud-native workload protection and/or CASB to monitor security policies, configuration, usage patterns, and compliance with security policies.
In addition to the above, endpoint protection, network access controls, central management, and centralized analytics should all be part of the security infrastructure if not already. In fact, the pillars of cybersecurity need to be brought into play—Security-Driven Networking for segmentation and securing data, Zero Trust Access (including endpoint security) to protect against identity theft-driven attacks, cloud security to secure data in the cloud and to identify misconfiguration and risk factors, and robust AI-Driven Security Operations to ensure timely threat feeds and remediation. Of course, all these should be woven into a broad, integrated, and automated cybersecurity platform, like the Fortinet Security Fabric, supported by a shared analytics and management plane.
Fortinet Can Help
Fortinet Dynamic Cloud Security Solutions can provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.
Fortinet recently published a white paper on securing SAP deployments detailing the tools and architecture approach for different scenarios. Learn more about how to enhance the security for your SAP S/4HANA deployment by downloading the paper.
Learn how Fortinet’s dynamic cloud security solutions provide increased visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.
Read these customer case studies to see how Hillsborough Community College and WeLab implement Fortinet’s dynamic cloud security solutions for secure connectivity from data center to the cloud.