Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Products & Solutions

SAP and ZPA: A Match Made in Digital Transformation Heaven


Zscaler is thrilled to team up with SAP to increase global user accessibility to critical business applications while stamping out ransomware attacks and other threats.

With the rise of digital transformation initiatives, application owners are moving apps critical to operational and payment functions, such as SAP, to the cloud in order to ensure effective scalability. But, to maximize the value of these cloud investments, achieve business continuity in the event of the unknown (COVID-19, for example), and support a new hybrid work model in the post-COVID world, employees, partners, and customers must be able to securely access SAP and other business apps from anywhere and on any device, and without adding risk to the business. Let’s take a look at the issues in detail.

Six challenges IT and application owners must overcome

  1. Providing controlled access to SAP instances running in the data center or being migrated to the cloud is a challenge with legacy technology, which involves multiple point products. This leads to more complexity, cost, and friction, reducing ROI from cloud initiatives.
  2. Employees, contractors, and partners are constantly on the move and working from a variety of locations and devices. Business continuity requires access to services with an unprecedented level of flexibility that is simply not possible with legacy solutions.
  3. The attack surface has expanded due to user mobility and the use of VPNs that extend the network out to the user, increase risk, and allow lateral movement across the environment.
  4. Traditional access services hinder user productivity by introducing latency from backhauling traffic to the data center, leading to user complaints, frustration, and less motivation.
  5. Lack of insight into user-to-app experience leads to blind spots and makes it difficult to find and fix performance issues.
  6. Traditional services are limited to the capacity of appliances and struggle to scale in a cost-effective manner as more remote workers are hired.

Hackers are exploiting these new vulnerabilities when proper security is not deployed. In fact, findings from a joint report by SAP and Onapsis on cyber activity from mid-2020 to March 2021 reveals:

  • Over 300 exploits targeting SAP systems were successful. Attackers attempted accessing SAP systems to modify configurations and users and exfiltrate business information.
  • The earliest cyberattack was recorded within 72 hours after SAP released patches.
  • A targeted cyber attack could compromise an account within 90 minutes.
  • In one case, threat actors knew of the existing SAP security vulnerability before public disclosure and the release of proof-of-concept (PoC) code.


Power your secure remote access and cloud transformation needs with Zscaler

Zscaler Private Access (ZPA) is a cloud-delivered service from Zscaler that provides seamless, zero trust access to private applications, such as SAP, running on a public cloud or within the data center.. With ZPA connectivity, SAP is never exposed to the internet, making it completely invisible to unauthorized users. ZPA enables SAP to connect to users via inside-out connectivity versus extending the corporate network to them via VPN or VDI service. Users are never placed on the network. This zero trust network access (ZTNA) approach supports both managed and unmanaged devices and any private application (not just web apps). The result is better security, better visibility, and greater regulatory compliance.

Companies like Growmark are already benefiting from ZPA’s ability to increase security and improve user access and experiences, even while users roamed on poor-quality rural connections. Eric Fisher, the IT Director at Growmark, noted: We’re getting a better security footprint, better visibility and we’re more compliant.”

Indeed, the benefits of leveraging Zscaler Private Access for SAP are multifaceted:

  • Enable business continuity and hybrid-remote work: Empower the whole ecosystem of employees, partners, and customers to access all business apps (SaaS, or private apps in datacenter or public cloud from any device), from any location on any network.
  • Embrace zero trust within your business: The Zscaler Zero Trust Exchange enforces business policies that follow the user and adapt based on changes in context, keeping users off-network, providing identical cyber threat and data protection everywhere. The Zscaler Zero Trust Exchange integrates with identity providers like Okta, Azure AD, and Ping conditional access, as well as endpoint security providers (CrowdStrike, Microsoft, and Carbon black) to adapt policies based on context.
  • Leverage  Zscaler’s globally distributed secure access service edge: Over 150 global cloud edge locations provide faster access and higher user productivity.
  • Monitor digital experience Zscaler ZDX monitoring provides visibility all the way from the user endpoint to the application, and proactively resolves user experience issues in any location around the world, in just minutes.
  • The 100% cloud-native service scales cost-effectively to better meet business needs.

ZPA and SAP can be configured in just minutes

In fact, securing access to SAP can be done in three easy steps::
  1. Install ZPA App Connector next to SAP on-prem or in-cloud
  2. Deploy lightweight ZPA software Client Connector on user workstations
  3. Get single point of management for policies, etc.


Certified for Secure Remote Access to SAP

In addition, a topic that is top of mind for CIOs and CISOs today is how to protect business-critical applications during a cloud migration process, while providing uninterrupted, global remote access. Most enterprises today are migrating SAP ECC (ERP Central Components) to S/4HANA. S/4HANA allows customers to choose from a broad range of “4+1” cloud infrastructure providers, including AWS, Azure, GCP, Alibaba, and SAP’s own HANA Enterprise Cloud. Migrating an ERP platform that touches every part of your business, customers, and suppliers without disruption is a complex undertaking.

Zscaler Private Access simplifies and speeds up migrations by reducing the networking complexities typically encountered when moving users from an on-premise application into a cloud-hosted environment. Once end-users are configured to use the ZPA Client Connector, administrators are freed up to focus on back-end migration tasks. Moreover, users can be terminated from one back-end and connected to another with a simple policy update in the ZPA administration console. The result is simpler SAP migrations that can be completed in less time.


Simplified Migration to S/4HANA Enterprise Cloud

Zscaler is an SAP PartnerEdge Build Partner and is proud to announce that ZPA is listed as a supported product on SAP’s 2021 HANA Enterprise Cloud Advanced Edition Roles and Responsibilities document. This gives customers the confidence knowing that ZPA has passed SAP’s rigorous processes for determining interoperability with SAP applications.

And the benefits don’t stop here. ZPA for SAP is just one example of how the Zscaler Zero Trust Exchange can enhance security, improve user experiences, and leverage policy to easily streamline application access and cloud migration. For more information on Zscaler solutions for SAP, please visit Zscaler ZPA for SAP.

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.