In 2021, SAP packaged several services and products into a single platform that would allow businesses to make better and more informed decisions. That was the SAP Business Technology Platform (BTP), representing the next iteration of the SAP Cloud Platform. Since its release, SAP BTP has been well-received by enterprise users and has become a core pillar of a growing number of companies’ SAP and ERP strategies.

However, security questions arise whenever a new product, version, or ERP strategy is implemented. How does SAP BTP change what enterprises must do to keep their customer’s private information and business data safe? Let’s explore.

An Overview Of SAP BTP

SAP BTP is billed as a cross-functional “innovation platform” that integrates numerous SAP applications in the cloud. That means app development, data and analytics, AI, automation, and integration functions come together in SAP BTP, allowing businesses to innovate and create personalized customer experiences on an SAP-managed cloud. Of particular note is that SAP BTP helps businesses seamlessly interface with S/4HANA cloud environments.

When enterprises use SAP BTP, they’re looking to take advantage of its flexibility, close application proximity, and simplicity. They’re looking for a “clean core”— which SAP defines as “a system which follows standardized guidelines for all elements of the core,” and one that can be upgraded without “significant and costly efforts to test and adapt existing structures.​” This implies the decoupling and implementing custom code and customer-specific extensions without significant dependencies on ECC solutions. The goal is to increase flexibility and expandability while reducing the effort necessary for upgrades.

How Is Security Handled In SAP BTP?

“Clean core” requires significant sensitive data sharing with SAP BTP services; whenever a cloud or SaaS solution is in use, the provider heavily monitors security activity. While this may lull users into a false sense of comfort, thinking that the provider is solely responsible for any cyber incidents, the reality is that accountability is typically the user’s responsibility. With SAP BTP, a shared responsibility model is available, establishing trust between the two parties. In this scenario, customers or users only see auditing services data. When it comes to auditing, a central log-in SAP BTP is available via SAP’s Audit Log Service—an essential tool for users to monitor their system.

How SAP BTP Users Can Strengthen Security Postures

SAP BTP users should focus on the data exchange and integration architecture, emphasizing authentication, permissions, data transfer, and identity management. There are over 100 security components for the platform listed on the SAP site,  ranked by priority—this can be a valuable resource for checking all the required boxes and focusing on the most critical security components first.

Considering the SAP BTP services used and the degree to which they’re utilized, an enterprise’s integration architecture should be carefully reviewed with an eye toward security. This includes the entire data communication path where sensitive information needs protection. Experts from the enterprise’s IT and networking teams should be leveraged to set up the required firewalls in the SAP Cloud Connector and ensure they are correctly configured. Several security components listed on the SAP site will help to harden SAP BTP services against attackers.

Developing With An Eye Toward Security

The SAP BTP is an excellent enterprise resource for creating better customer experiences. It enables access to additional development environments like the ABAP, Cloud Foundry Runtime, and Kyma Runtime. SAP BTP’s many advantages and flexibility of solutions will make it the first stop for many deployments, which means that customers must closely consider the development environments they’re using and the specific security requirements that accompany them. The onus is on the enterprise to improve its standardization and governance practices to ensure that thorough and regular analyses of its environments and SAP components and tools are conducted. The tools from SAP and third parties are available, but monitoring and management are necessary to ensure security is established effectively.

Christoph Nagy has 20 years of working experience within the SAP industry. He has utilized this knowledge as a founding member, and CEO at SecurityBridge–a global SAP security provider, serving many of the world’s leading brands and now operating in the U.S. Through his efforts, the SecurityBridge Platform for SAP has become renowned as a strategic security solution for automated analysis of SAP security settings, and detection of cyber-attacks in real-time. Prior to SecurityBridge, Nagy applied his skills as a SAP technology consultant at Adidas and Audi.