Ensuring Security is at the Heart of a Clean Core Strategy
Key Takeaways
⇨ The Clean Core approach in SAP S/4HANA aims to streamline the core system by reducing redundant custom code and encouraging the use of SAP's native extensibility features, which enhances efficiency and lowers costs.
⇨ Migrating to a Clean Core environment entails new security challenges as organizations move away from core ERP systems to platforms like SAP Business Technology Platform, necessitating robust security measures for custom applications and managing security across hybrid and multi-cloud environments.
⇨ Partners like Onapsis provide critical support for maintaining security posture while adopting Clean Core principles, offering advanced application security testing capabilities that align with DevSecOps initiatives, enabling organizations to secure and optimize their SAP environments.
As companies make the move to SAP S/4HANA, they must adjust to a new way of thinking, particularly as it pertains to legacy data. Excessive customization in previous SAP instances has bogged down operating systems, impacting how companies can execute critical functions. This is why SAP introduced its Clean Core strategy.
The Clean Core approach aims to streamline the core SAP system by minimizing or eliminating redundant custom code and optimizing essential custom code that remains. It also encourages using SAP’s native extensibility features to replace custom ABAP code, thereby improving efficiency and maintainability. This strategic move is crucial for easier upgrades, accelerated innovation, and lowering costs.
However, the shift towards a Clean Core environment introduces new security challenges. As development moves from the core ERP system to platforms like SAP Business Technology Platform (SAP BTP) for custom applications and extensions, organizations face increased attack surfaces, potential vulnerabilities in custom code, and the complexity of managing security across hybrid and multi-cloud environments.
Keeping the Core Clean and Safe
Many enterprises are migrating existing systems with decades of custom applications, which may not fit easily within a Clean Core model. That makes ongoing security and compliance necessary to protect critical applications and data throughout this multi-year journey. Customer SAP environments can contain millions of lines of custom code, and the average cost of a failed, delayed, or scaled-back digital transformation project can exceed $4 million.
Many companies are turning to partners like Onapsis to ensure that they can maintain security posture while keeping the core clean. Onapsis addresses these challenges directly through its platform, particularly with Onapsis Control and the newly introduced Control Central.
Onapsis Control extends comprehensive application security testing capabilities to SAP BTP, seamlessly integrating with SAP-recommended integrated development environments (IDEs) such as Eclipse with ABAP Development Tools, SAP Business Application Studio, and Visual Studio Code.
This empowers developers to catch security issues early through real-time, inline security scanning as code is written. It also automates code integrity checks by scanning Git repositories, reducing the need for manual testing, and simplifies compliance by providing centralized management for consistent security policies across all projects.
Onapsis Control Central is a key component of the Onapsis Secure RISE Accelerator, designed to streamline and de-risk large RISE with SAP projects for global enterprises. Control Central offers unmatched application security testing coverage for organizations driving DevSecOps initiatives, with broad support for platforms, languages, IDEs, and technology integrations.
Its advanced bulk scanning capabilities are crucial for handling larger projects, enabling consistent security across multiple projects and the entire RISE or SAP S/4HANA codebase. Critically, it expands Git repository scanning to include all Advanced Business Application Programming (ABAP) and non-ABAP code at rest, such as UI5 frontend code, ABAP code in abapGit, or ABAP Cloud in Git, significantly reducing time and manual effort.
What This Means for SAPinsiders
Clean core should extend to every area of the business. Companies must infuse a clean core philosophy into everything that they do. Control Central offers a redesigned scan engine that better aligns with SAP Clean Core principles and significantly improves large-scale code analysis. It offers accelerated time-to-value, a centralized management system for synchronizing test cases and policies, and license flexibility with multiple language support.
Security cannot be an afterthought. With so many facets of an SAP S/4HANA implementation, security can be lost in the shuffle. Onapsis empowers organizations to efficiently tackle the security complexities of modern SAP S/4HANA and BTP codebases, ensuring developed code is secure, compliant, and free of vulnerabilities that could cause project delays or unplanned downtime. This enables organizations to “get clean, stay clean,” building a more resilient SAP environment that supports cloud transformation goals and long-term business security.
Collaboration is the engine of security. Onapsis and SAP have a tight relationship that allows Onapsis users to access exclusive and irreplaceable knowledge. This ensures that SAP systems are secured and optimized for years to come.