One of the world’s leading athletic performance footwear and apparel manufacturing companies, Under Armour, has recently facilitated its SAP migration with the help of the AWS Professional Services team, shifting its SAP landscape to the cloud.
The Baltimore, Maryland-headquartered company, founded in 1996, now boasts $5.6bn of revenue and a 17,500-strong global workforce. Through its migration, the business aimed to modernize and secure its extensive SAP environment in the cloud while minimizing disruption for the growing brand.
The company completed the migration of its SAP environments to AWS in 2021, impressively not needing to appoint an outside organization to facilitate the migration. Instead, the company used Under Armour’s designated team with an SAP focus and an AWS Professional Services team working closely alongside them.
As part of the migration, the business moved its ERP, supply network collaboration, global trade services, enterprise reporting (BI, BOBJ), integration (PI/ PO, data services), SAP Fiori and solution manager workloads to AWS.
Under Armour decided to select AWS as its preferred cloud provider for SAP environments due to its “extensive global cloud infrastructure” as the cloud provider has many regions with three or more Availability Zones. Another factor that impacted the company’s decision was the AWS Professional Services’ availability, which plays the role of speeding up and safeguarding mission-critical migrations, as well as AWS’ comprehensive security services and support of 143 security standards and compliance certifications.
Leaning on the migration, Under Armour managed to secure a foundation for improving performance and visibility across its design, merchandizing, planning, manufacturing, supply chain and sales distribution channels.
The company’s move to the cloud was facilitated through “a short six-month lift and shift migration project” as detailed at SAPinsider Vegas by Gaurav Singh, SAP cyber security manager at Under Armour. Simultaneously the team made sure they have a policy and a standard for cloud from the get-go and followed the Center for Internet Security (CIS) benchmark.
“We created our own kind of business baseline for those services we needed to enable, at least in a six-month period; you can always fine-tune later,” Singh says. “But for the migration project itself, we wanted to make sure our security underscore was at least 90 percent.”
As part of their strategy, he details that the team established the principle “Identity is the new perimeter” as they minimized privileges using identity access management (IAM) and role-based access control (RBAC). They then employed single sign-on (SSO) and multifactor authentication and used identity federation and temporary credentials.
“One thing we did differently when we wanted to migrate to AWS was saying: ‘We want to make sure we bring the security mindset from GRC [governance, risk and compliance]. And then that cyber mindset and understanding of the policies you have as a company,” Singh explains. “We said security has to be baked into the project, even though it was an aggressive timeline we were running with. So we made sure it was not an afterthought.”
The approaches that helped the company adopt a GRC-focused mentality included unifying the organization’s governance and risk management with its technological innovation and adoption, using an enterprise risk management program to predict potential problems, minimize losses and take an SAP-based approach (i.e. User Access Review; Segregation of Duties).)Working to establish a controls process, the team geared up to set up and govern a secure, multi-account AWS environment with an intentional controls process by employing robust AWS account strategy and management process (e.g. Separate Prod AWS Account vs. Non-Prod). Another key action as part of this principle was using AWS Control Tower and Organizations, implementing service control policies (SCPs) and other controls to ensure accounts stay within access control guidelines.
Pointing out the value of versatile cloud knowledge across the teams with various expertise, Singh says: “Your security teams should ramp up; they should also have at least some knowledge of AWS. I’m not trying to be an AWS guy, I’m still an SAP security guy. But it does help you if you wear multiple hats, as you have a cybersecurity mindset and cloud security expertise.”
As part of its approach, the team then set out to actively monitor threats to ensure ongoing security, especially important for mission-critical systems like SAP – by actively monitoring through Amazon GuardDuty and taking direct action on anomalies. In addition, they also sent Amazon GuardDuty logs to the broader security IT team, providing a holistic view of any threats and “building a squad” to tackle SAP security with a holistic approach.
The completion of the AWS migration allowed Under Armour to maintain optimum system performance and minimize downtime and data loss with a cross-region disaster recovery solution that includes 65 servers replicating from one AWS region to another.
Following the six-month initiative, Under Armour set out to integrate its SAP environments with AWS’ set of technologies, including analytics, machine learning, compute and storage, with the modernization also bringing a range of AWS capabilities to fuel innovation in areas like 3D apparel and footwear design, digitally connected footwear and apparel, resource-efficient production, direct-to-consumer sales and global wholesale distribution.
In other words, Under Armour bolstered its armor to be more secure and agile in the cloud age.
