Zero-Trust for SAP Analytics
As of 2026-05-29
Zero-trust replaces perimeter trust with "never trust, always verify; assume breach; least privilege everywhere" — the coherent answer once the cloud estate (SAC/Datasphere/BDC on BTP) dissolves the perimeter. Four principles: verify explicitly (identity+context, not network position), least privilege (M081, just-in-time), assume breach (segment/encrypt/limit blast radius), continuous verification. Identity is the new perimeter: SAP Cloud Identity Services (IAS/IPS), SSO (SAML/OIDC), mandatory MFA, federation so deprovisioning a leaver removes access everywhere. Defence in depth: identity → access (M081) → data (M082) → network → monitoring (M083). Encryption everywhere as an evidenced control. Zero-trust is a journey (identity+MFA first) — claiming it after just enabling SSO is theatre (§0i).
Full module available to members.