Skip to Content
Product Information
Author's profile photo Mark Ciminello

The SAP Controlled Cloud

When I talk to customers, especially those who are evaluating SAP cloud solutions , I frequently discuss the various types of cloud solutions available. But not just the typical public versus private cloud discussion, the conversation is more along the lines of what they the customer controls and what SAP controls.

Now, there are many cloud offerings that have subtle differences between the solutions, and SAP cloud solutions are located in numerous data centers, not just one. A solution may be hosted among the various data centers and not every data center host all solutions. The first thing one has to understand is that there are, indeed, a number of different “flavors” to what I call, the SAP Cloud, which is my own term, by the way, that generalizes all SAP cloud-based solutions as if they were a single, homogenous product.

The SAP Cloud is not, however, a single product. Instead, it is somewhat a consortium of many solutions hosted over various hosting models in numerous data centers, with subtle differences in hosting practices. Those differences are mostly due to the nature of the applications, the solutions’ data classifications, and whether it is single or multi-tenant. For kicks, I created a spreadsheet by application of the various hosting parameters. The spreadsheet contained 67 lines across 17 solutions. That’s 1,139 different hosting elements, quite a bit to process during a solution evaluation. While the differences in hosting practices vary by solution, the hosting practices across most SAP Cloud solutions are now fully harmonized at the core.

While one could easily argue this is too complicated and ask why can’t you just use one hosting model, I could argue back that each solution is different, has considerable cost implications, and that the data classification for say, an HR application is quite different from a collaboration tool or procurement solution and therefore justifies the differences. As a security professional, overall I think SAP has done a great job of making each application’s hosting model efficient, effective and relevant for the data classification, despite the added complexity. SAP’s auditors, PWC, by way of SOC report attestation tend to concur with my assessment.

This might explain why SAP has not branded, or even attempt to generalize its cloud offerings as “the SAP Cloud.” For many of SAP’s cloud solutions, they are instead branded by product name, each running in their own cloud per se, and where data centers host one or more solutions.

The solutions list includes some of SAP’s major cloud-based suites, among others:

  • SuccessFactors
  • Ariba
  • Fieldglass
  • Concur
  • Leonardo
  • S4/HANA
  • C4/HANA, Hybris
  • Integrated Business Planning (IBP)
  • ByDesign
  • Cloud Analytics
  • Cloud Platform

Further, within each major solution listed above, there are several unique modules within each major brand.

SuccessFactors, for example, includes modules such as Employee Central, its core HR (Human Resources) solution. Then there is also Learning Management, Performance Management, Compensation Management, Succession Management, Recruiting, Onboarding, Workforce Planning, Workforce Analytics, and employee engagement tools such as Jam and Social Media. There is also SAP Payroll, which is not part of SuccessFactors, but is frequently offered as sidecar to SuccessFactors. All of the modules together constitute a suite of products, as the SuccessFactors HCM (Human Capital Management) Suite. So even within the context of an HR/HCM solution, each application has a unique purpose, and data classifications drive the hosting model and associated hosting elements as well.

But some applications such as S4/HANA running in HEC (Hana Enterprise Cloud) are branded by their hosting model, and HEC is actually a hosting model and not a product itself. HEC is in fact, SAP’s Managed Services cloud offering, and typically is used to host S4/Hana as a single-tenant hosting model. Yet, other solutions that may have been offered as an on premise offering, such as CRM or the like can be hosting in HEC, making HEC the hosting model it is.

In fact, SAP has cloud-based solution offerings of which there are currently some 22 major suites across 100+ solutions as cloud offerings. The list is also growing at a very rapid pace.

Cloud Provider versus Managed Service

There is a subtle distinction between the two terms to which many are confused. I’ll offer some history and some clarifications. The main difference between the two is the degree of control to which the customer has.

First, a Cloud Provider – which is more of an industry term – is an entity that provides the cloud service as fully defined and functional. In services offered by a Cloud Provider, the provider dictates both the technology and the hosting procedures. Contrast that to a Managed Services offering, where the customer dictates the technology and operating procedures. Therein lies the distinction.

Note that while a Managed Services provider is also a Cloud Services provider, a cloud services provider is not necessarily a managed services provider.

Cloud Offerings, a Comparison

SAP offers both Cloud Services and has a Managed Services offering in HEC, but not all cloud offerings are managed services. Most of the offerings have different forms, and they vary by solution. With the exception of S4/HANA, all SAP Cloud solutions are offered either in a full SaaS (software-as-a-service) model or a Managed Service; but not both. S4/HANA is the sole solution that is offered in both models, commonly but perhaps incorrectly referred to S4/HANA Public Cloud (note that it is not a public cloud like LinkedIn, Facebook or Instagram).

By definition, SAP is a Cloud Provider, by offering a number of solutions hosted as SaaS offerings in the cloud. Most of the solutions offered in this hosting model have full-suite applications and fully defined services, where SAP provides the infrastructure, hosting, and the application itself, making the solutions a comprehensive cloud offering to which customers can simply subscribe.

SAP also offers a Managed Services offering called Hana Enterprise Cloud, or HEC for short. HEC is actually a hosting model, and not a solution, although SAP associates often use the two terms interchangeably. SAP employees also use the terms “public cloud” or “private cloud,” which is not necessarily accurate.

The terms “Cloud Provider” and “Managed Services” are frequently confused. Even more so, they really refer to two different things and there are numerous characteristics unique to both.

Cloud Subscriptions

With cloud computing offerings, customers subscribe to the service, but do not purchase hardware or software — including source code of the application. Hardware and service are provided by SAP. The application is running within the service, and only the running application is offered, in a subscription-based model. That also means source code is not included in the subscription.

Further, source code, since it is not provided, cannot be modified. In most cases, a single instance of application executables exists. This also means that all customers are on the same release, and releases are made periodically to update and upgrade the application. When an update or upgrade is applied, all customers in the offering are updated/upgraded at the same time.

Managed Services Providers (MSP) – such as Amazon (AWS), Microsoft Azure, or Google Cloud (all SAP partners too, by the way) – provide the infrastructure and other technology, some with applications. But with a MSP the customer will dictate the technology and the hosting procedures, often choosing a la carte capabilities.

HEC as a managed service offering has options too – like backup, failover, update and upgrade policies and much more – that allow the customers to control or manage the application.

SAP as a Solution Provider

Unlike other cloud providers such as Amazon, Microsoft and Google, SAP tends to accentuate the subscriptions to the application and not the hosting itself. This is no surprise here, as SAP is well-known and branded as a global leader in enterprise software. While Amazon, Microsoft and Google may offer, to a lesser degree, applications along with application hosting, SAP’s hosting underscores the applications they develop, while the others tend to stress their cloud services.

Given the popularity of these three cloud providers, customers frequently compare – and confuse – their hosting models with SAP’s cloud offerings.

Customer Confusion in Hosting Models

Of course, cloud computing is both old and new. It’s old because it’s been around since the 1960’s, but wasn’t prevalent until the mid-2000’s. Because it’s new, it’s frequently misunderstood. My role at SAP as a Cloud Architect is to provide education – and clarification.

Customers frequently come to the table with pre-conceived notions and don’t understand which SAP solutions are managed service and which are SaaS models. The big confusion comes when they express their requirements on SaaS offerings as if it were a managed service.

This happens a lot.

Cloud SaaS Services are Fully Defined

A SaaS offering by a cloud provider is already full defined, top to bottom in both the technology stack and in the hosting practices. Frankly, while there may be some options available, there is very little if no “wiggle room” to offer customization. Changes that are simple, such as controlling hosting locations, or specifying clarifications to already existing services are permissible.

For example, if a customer requires hosting remain in the U.S., or in another region, that is something we can accommodate. But changing something like backup frequency or recovery SLA’s are not easy. SAP has an enormous customer base in the cloud that is growing monthly. Changing the service for one would actually mean changing the service for all customers, and the other customers may not like that.

Customers can’t negotiate an SLA that is specific to them, because SAP Cloud Operations cannot execute on a customer-by-customer basis. During a disaster, for example, we’d have to review 3,500+ contracts for a single data center to see who goes first based on a guaranteed, customer-specific SLA. That’s not feasible. So SAP has a single policy and a single SLA that is generally applied to all.

It’s important to understand that the customer is subscribing to an existing service; they are not creating or defining the service. This is true for all SaaS solutions.

Here’s an example.

Imagine if I tried to do this with an airline when buying a plane ticket – which is a fully defined service.

Suppose I called American Airlines and said “I need a ride to Philly from Phoenix next Tuesday. Have the plane pick me up at 10:30 am and I need to get there slightly after noon. Yes, you’ll have to fly fast and burn extra fuel, but that’s what I require. I want a large, first-class aisle seat in coach, but I only want to pay for a coach ticket. I want Lingui in a light Pomodoro sauce with chicken and fresh vegetables for dinner, served with a nice, imported, world-class Italian Chianti, and brownies with ice cream for desert. When the plane lands, I want to be the first person allowed to get off, because I’m a Gold Level frequent flyer. Oh, and make sure you valet my bag so that when I deplane, it’s available for me at the door. I hate going to the bag claim area.”

I’m sure I’d get a good laugh from AA. Likely, the customer service folks would just hang up on me.

Customization of a Cloud SaaS Service

Customers frequently confuse our position as if we had some power in a SaaS offering to customize services for each of our customers. We don’t. Even by data center, there may be several thousand customers just in that one data center.

And so, customers often compare and confuse SAP to its partners and other cloud providers who provide managed services, and to offerings that are not SaaS solutions. I typically hear things like, “other cloud competitors agree to the change, why can’t you?” That’s an apples to oranges comparison. The managed services providers are only providing infrastructure in a virtualized technology stack (which, by the way, is more expensive). Customers provide the application, the database, and in some cases, even may choose the operating system.


As much as cloud computing has been around, it’s still misunderstood. There are bunches of service offerings, but it’s important to understand the difference between a fully defined, SaaS solution offered by a cloud service provider and a managed services offering, which only provide infrastructure hosting and has more flexibility.

SAP is a high integrity company, has many offerings, and will help customers completely understand the differences in the offerings, hosting practices, and of course, security and data privacy concerns.

For me, helping customers understand our offerings is my full-time role at SAP.


Mark Ciminello is a Sr. Enterprise Cloud Architect with expertise in cloud, information security and data privacy. He holds numerous certifications including CISSP (security), CCSP (cloud security) and PMP (project management), has an MBA in Management, a BA in General Studies with emphasis in accounting and has some 30+ years of business experience.


The information in this article is confidential and proprietary to SAP and may not be disclosed without the permission of SAP. Except for your obligation to protect confidential information, this article is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation to include any functionality or pursue any course of business outlined in this presentation or any related document, or to develop or release any functionality mentioned therein.

This article, or any related document and SAP’s strategy and possible future developments, products and or platforms directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this article is not a commitment, promise or legal obligation to deliver any material, code or functionality. This article is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This article is for informational purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this article.

All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on any statements and they should not be relied upon in making purchasing decisions.

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Bhamy Shenoy
      Bhamy Shenoy

      Very well written. Great job Mark!