EP-23 -
EP-23 - #CyberKriya Podcast - #SAP #GRC #2026(GRC on HANA) - With Sarveshvaran Rajendran
Summary:
In this episode, Gaurav Singh hosts Sarvesh Rajendran to unravel the potential of integrating Cloud AI with SAP GRC, showcasing how AI-driven automation and insights are revolutionizing the GRC landscape. They discuss technical architectures, licensing considerations, and the strategic importance of AI in compliance and security management.
Key Takeaways :
Overview of SAP GRC versions and the end-of-life roadmap for GRC 12.0 by 2027
The shift from NetWeaver to S4 HANA as a foundation for GRC
How SAP consolidates multiple products (Audit, Compliance, Business Integrity) into GRC and licensing implications
Integration of SAP GRC with non-SAP systems via IAG and the importance of seamless identity management
Explanation of SAP Joule (AI layer) and MCP (Meta Connectivity Platform) architecture for secure, standardized cloud connections
Connecting MCP to SAP GRC, including security considerations and API management
The potential of AI to automate audit workflows, threat detection, and decision-making
Strategic advice for customers: whether to embed GRC within S4 HANA or operate on separate systems
The evolving role of SAP security specialists in AI-driven environments and the importance of early involvement
Chapters:
00:00 - Introduction: The convergence of AI and SAP GRC
02:23 - SAP GRC version updates and end-of-life plans
04:02 - Transition from NetWeaver to S4 HANA for GRC and product consolidation
05:57 - SAP GRC licensing impacts and future module integrations
06:56 - Roadmap for GRC and support timelines
10:07 - Handling complex workflows and the role of IAG in hybrid environments
12:02 - Embedding audits and risk modules in S4 HANA: pros and cons
13:41 - Managing license counts and user provisioning strategies
15:55 - Introduction to SAP Joule and AI capabilities in GRC
16:38 - Embedding GRC into S4 HANA vs standalone deployment considerations
19:36 - Strategic system sizing and licensing decisions for GRC on Cloud vs on-premise
20:54 - Connecting SAP GRC with non-SAP systems: security & integration
23:50 - Best practices for managing user data sources and identity platforms
26:23 - The future of SAP security: early involvement & role management
30:05 - AI automation in GRC: opportunities and cautionary notes
37:04 - Connecting Cloud AI (MCP) to SAP GRC: "Why" and "How"
41:40 - The "Jewel" - AI in SAP and the transformative potential of MCP architecture
48:29 - How MCP acts as a bridge for data exchange between SAP and AI
50:43 - Security considerations: API secrets and access controls
53:50 - Cautions regarding AI updates and manual oversight in compliance workflows
55:20 - Starting small with AI integrations to mitigate risks
58:49 - The mindset shift: Automating routine tasks for security professionals
60:14 - The future of AI-driven innovation in SAP security and compliance
Disclaimer:
The views and opinions expressed in this podcast are those of the host and guests and do not necessarily reflect the official policy or position of any organization, employer, or company they are affiliated with. This podcast is intended for informational and educational purposes only. It does not constitute professional, legal, or cybersecurity advice. References to specific companies, products, or technologies are made solely for discussion and illustration purposes — no endorsement or criticism is implied.Listeners are encouraged to consult their own security, legal, or compliance teams before acting on any information shared in this podcast.