RISE with SAP – This is why it’s not sufficient!

Posted by Felix Allgeier at 4. August 2025
General
,

In the context of today’s rapidly evolving digital environment, businesses find themselves under considerable pressure to enhance their agility, data-driven decision-making capabilities, and customer service levels. The transition to cloud-based business models is no longer seen as a choice, but as a strategic requirement. To address this challenge, SAP has introduced RISE with SAP, a comprehensive solution designed to modernize legacy ERP systems and transition businesses to a cloud-centric, modular business architecture.

Despite its promise of simplification, RISE leaves much of the heavy lifting – strategy, data migration, custom code security, system configuration and change management – to the customer. So the question remains: how are the responsibilities distributed between SAP and its customer, and is the balance sufficient to ensure a successful transformation?

What is RISE with SAP?

RISE with SAP is SAP’s bundled offering designed to assist existing on-premises ERP customers in their transition to SAP Business Suite. Rather than offering a single product, it provides a package that includes cloud infrastructure, business process redesign tools, technical migration support, and access to SAP S/4HANA Cloud (Private Edition). It is intended to reduce complexity, increase the business resilience and accelerate digital transformation.

Why does RISE matter for my business transformation?

Business transformations are rarely straightforward. For many companies, the gap between strategic ambition and execution is widened by outdated systems, fragmented data landscapes, and years of costly customizations. These legacy challenges often make modernization efforts slow, complex, and risky.

While RISE offers a structured path to cloud adoption, the real-world execution still requires significant planning, customization, and internal change management on the customer’s side. Let’s take a closer look at what RISE covers and what remains the customer’s responsibility.

The Shared Responsibility Reality in RISE

SAP’s marketing material creates the impression that RISE covers a significant part of the transformation project and takes on a substantial amount of responsibility for the customer. However, a closer look reveals that RISE only takes on a small part of the transformation process, with the customer still having to carry out the majority of it themselves:

RISE with SAP - Responsibilities
RISE with SAP – Responsibilities

Responsibilities that are shared by SAP and the customer are:

  • Network Security (Environment)
  • Secure SAP Code (System)
  • Security Monitoring & Forensics (System)
  • User & Identity Management (Application)

To fill these gaps, left by SAP, and mitigate potential risks during the transformation of your landscape, smarterSec provides comprehensive security solutions. These solutions ensure a seamless and error-free migration, relieving customers of additional responsibilities.

Secure and Compliant RISE Transformation with smarterSec

Our support for RISE is structured across three key phases: before, during and after your migration. Here’s how we can help your business to achieve its full potential in a secure and confident manner by taking on further responsibilities within the transformation project.

Before Migration: Prepare for a Secure and Compliant Start

The objective of this phase is to assess the current state of the system landscape and identify any potential risks, with the goal of ensuring a seamless transition.

Data Minimization & GDPR Readiness

Before migrating to S/4HANA Cloud, it is critical to ensure compliance, reduce migration effort, and avoid carrying legacy issues into the new system.

To support this, we developed the ILM-Deletion-Matrix Tool that maps GDPR-relevant infotypes and database tables to their corresponding Information Lifecycle Management (ILM) objects and retention periods based on employee status.

For more information, read our blog or in our recorded webinar about data minimization.

System Hardening

Before going live, you must ensure your SAP systems are hardened against misuse, misconfiguration, and attack.

Using our zero-footprint smarterSec Security Platform (SSP), we scan your systems for insecure configurations and provide clear remediation paths to align with SAP ECS mandatory hardening requirements.

SAP Readiness Check

The SAP Readiness Check is a suite of self-service tools that evaluate your current SAP ERP system and identify potential issues, gaps, and areas for action.

Together with our strategical partner scdsoft we carry out the SAP Readiness Check. As part of this analysis, we are offering the following services:

  • Implementation of necessary system upgrades
  • Implementation of H4S4 Readiness Check
  • Analysis & preparation of the results
  • Cost estimation & creation of a project plan
  • Presentation

ABAP Test Cockpit (ATC) Check

The ATC is a static code analysis and quality assurance tool built into SAP systems. It scans custom ABAP code to identify:

  • Syntax errors
  • Performance issues
  • Security vulnerabilities
  • S/4HANA incompatibilities

The ATC is used as part of the SAP Readiness Check. Further information can be found in the ATC Check video of our partner scdsoft.

During Migration: Build Security into the Process

The objective of this phase is to implement security controls and compliance measures throughout the migration activities. This will ensure that data, configurations, and access rights are protected as systems and processes are being transformed.

Secure by Default Compatibility Check

With Secure by Default, SAP applies stricter security configurations when migrating your system to S/4HANA. To avoid an unexpected behavior or system errors, it is crucial to proactively assess your system for potential compatibility issues.

With the smarterSec Security Platform (SSP) you are able to run an automated Secure by Default check to detect and avoid compatibility issues, and consequently saving time and money.

Learn more about Secure by Default in our blog or recorded webinar.

Authorization Management

Detecting and reducing high-privileged users is critical for both security and compliance in any SAP system. This is particularly important during a migration, when it is essential to avoid copying legacy roles into the new system and to establish a clean authorization structure from the beginning.

Our SAP_ALL Reduction Tool is an effective solution for identifying high privileged users, analyzing usage patterns over time, and adjusting access rights accordingly.

SAP Security Risk Assessment

Performing a SAP Security Risk Assessment provides a structured overview of potential vulnerabilities in your systems, helping to prioritize actions that reduce both technical and business risk.

The assessment covers interfaces, system configuration, patch and change management, to name a few.

Take a look on how we perform a risk assessment in our demo video.

SAP Penetration Testing

A targeted SAP Penetration Test is an effective way to identify vulnerabilities in an SAP system, especially those that automated tools or configuration checks cannot find. It is an essential addition to risk assessments and hardening activities, particularly before a system’s go-live in production.

After Migration: Maintain a Secure and Compliant SAP Landscape

Security is not a one-time effort: threats, configurations, and compliance requirements are in constant change. Without ongoing visibility, even well-secured systems will become vulnerable over time.

Continuous Security Monitoring

New risks emerge after go-live due to updates, user role changes, or new interfaces. This results in new vulnerabilities that attackers may exploit.

With the smarterSec Security Platform (SSP), you can effectively monitor your system configurations, user behavior, and critical changes. This helps you avoid a regression to insecure states and allows you to be alerted in real time to suspicious activities.

Ongoing Compliance Checks

Ongoing compliance checks are the foundation of maintaining secure, reliable SAP systems. They ensure that your system stays not only secure, but also legally and operationally aligned.

The smarterSec Security Platform (SSP) is designed to automate checks, ensuring compliance with GDPR, SAP regulations, and internal security policies.

Take a look, how we perform a GDPR assessment with the SSP in our demo video and recorded webinar.

Conclusion

RISE with SAP assists businesses in their transformation journey by reducing complexity, increasing resilience, and accelerating digital transformation. However, the primary responsibilities fall on the customers’ shoulders, with SAP’s role being limited to a small portion of the overall scope. This is where smarterSec provides a valuable asset.

By combining deep SAP expertise with comprehensive and target-oriented security tools, we help you balance the responsibilities of your RISE project. From data minimization before the migration to an ongoing security monitoring with our smarterSec Security Platform (SSP) after the migration – we ensure your journey is not only smooth, but smart and future proof.

Further blogs and videos you might be interested in:

Do you have any questions or comments?

Please contact us directly!

Contact Us