SAP S/4HANA transformation and digital identity

Roland Engel Director Cybersecurity and Privacy, PwC Switzerland 02 Dec 2020

SAP S/4HANA is the latest SAP Business Suite generation: An intelligent, integrated ERP system, which provides the digital core to propel businesses towards their objectives. Scheduled for full migration by 2027, it enables organisations to unlock opportunities, evolve processes and solve tough business challenges. Sounds good and looks good. However, migrating to S/4HANA is complex and requires extensive planning to ensure "business as usual" for all systems throughout the transition. The migration programmes of those companies wanting to transition should either be up and running already, or at least at an advanced planning stage. PwC supports your migration to SAP S/4HANA and gears up your IAM controls and processes for the S/4HANA world. 

Benefit from three main attributes of SAP S/4HANA 

Challenges aside, there are three major benefits from this new security architecture:

  • Open architecture
    The system’s new architecture is based on modern, open standards and interconnectivity, which can pave the way to connected value chain models and use-cases.
  • Automation and intelligence
    S/4HANA can revolutionise business processes with intelligent automation — supported by artificial intelligence (AI) and robotic process automation (RPA)
  • Infrastructure flexibility
    Benefit from various deployment topologies such as on-premise, hybrid cloud/on-premise, or in the cloud, all with a consistent data model, code line, and enhanced, conversational user interface and experience.

Know the risks

Any large project with major benefits invariably brings risks. S/4HANA migration is no exception. It is a transformation of the critical systems and processes at the heart of an organisation, and it must be completed by a hard deadline. Yet even if a company manages to execute the transformation successfully, there will still be risks to address regarding compliance, for instance, and there remain real business risks in many areas – not least identity and access management (IAM) and fraud prevention. For this reason, companies are well-advised to move to an IAM approach that is based on business roles, and to implement a consistent structure around it for both cloud and non-cloud solutions. 

Integrate your approach

The diverse and connected SAP environment can encompass a wide array of distributed and siloed applications, different security models, no centralised management, and a mix of SAP/non-SAP and cloud/on-premise components. This means that an S/4HANA world relies on an integrated Identity Governance Administration (IGA) and Privileged Access Management (PAM) approach between SAP and non-SAP applications. It is the only way that access to the diverse blend of components can be controlled and monitored, risks managed effectively, and the need for manual controls minimised. 

Reload your digital identity in access management

Traditional architecture patterns usually do not integrate across SAP Governance Risk Compliance and non-SAP identity management, and often involve manual attestations, impacting speed and efficiency and increasing the risk of errors or fraud. Such a siloed approach is no longer fit for purpose in an integrated S/4HANA environment; the enterprise processes, architecture and supporting systems are in need of an overhaul. The solution involves moving from a traditional user access architecture to a modern, holistic and integrated IGA architecture that is connected to the non-SAP world as well.

Smarter and more secure

Embarking on IAM for the S/4HANA world will invariably lead you to an integrated IAM security architecture. However, controls can only be effective, if their priority is to minimise fraud risks. For instance, an employee who is authorised to both issue and approve invoices, will have enough leverage for potential abuse. Furthermore, the multiplicity of entry points created by S/4HANA’s open architecture results in external risks, which also need to be addressed urgently and thoroughly. Should your organisation reload its access management with SAP S/4HANA? We believe that an IAM environment is smart, more automated, more efficient and more secure – and reduces the costs and risks of compliance. 

How PwC can help

PwC’s Digital Identity practice sets us apart from our competitors. We are uniquely set up to support your migration to SAP S/4HANA – including both the business and technology transformation pieces, and making your IAM controls and processes fit for the S/4HANA world. Here is how you can benefit:

  • Large and deep pool of experience
    We bring together and implement global experience in SAP and IAM business and system integration effectively.
  • Local presence, uniform global approach
    Our teams in each market combine local and industry knowledge with a proven and consistent global methodology and approach.
  • Our strength in accounting services
    Unlike traditional technology providers, our roots in accounting mean we thoroughly understand the risks and best practices around financial reporting and controls.



How PwC can help

Count on us to rapidly detect and contain incidents before they hit you. Our experienced team can help you manage the growing threat of human-operated ransomware attacks. With our help, organisations across a range of sectors have been able to implement tactical improvements to immediately reduce risk, and build sustainable cyber security capabilities. 

Reach out to us


Contact us

Urs Küderli

Urs Küderli

Partner and Leader Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 42 21

Roland Engel

Roland Engel

Director Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 27 59

Albert Fässler

Albert Fässler

Advisory Partner, PwC Switzerland

Tel: +41 58 792 23 22