Case Study Background

Customer Stories

Public Cloud Infrastructure Compliance Scanning at SAP with Chef

Download Case Study


The breadth of the SAP portfolio of solutions offered in the public cloud alone means there are many organizations within the company involved with a variety of development tooling, pipelines and various ways of operating. The company needed to accommodate and approach this in different ways and make it easy to avoid security misconfigurations. If such issues occur, then a quick resolution needs to be ensured.


Chef Cloud Security empowers SAP to solve misconfigurations early. Containerizing Chef InSpec has given SAP a highly flexible tool for teams throughout the company to use as they manage the compliance of their cloud accounts.


With Chef, SAP has been able to:

  • Take control of cloud accounts with CSPM
  • Shift-left security and compliance by empowering teams and resolving misconfigurations early
  • Chef’s open-source process offers flexibility, allowing SAP to develop its own control set

About SAP

SAP, the market leader in enterprise application software that helps companies of all sizes and industries run better, has reshaped their processes to enable the speed developers need. In this article, Ran Kahal and Martin Schygulla share insights on their mission to provide developer services at SAP. Ran is director of SAP’s DevOps Center of Excellence (CoE); a worldwide team operating in geographically distributed areas like Germany, Israel, France, Mexico, and the United States. His organization creates and manages a variety of test infrastructures where developers can work on their applications. Martin works within that group as DevOps Automation manager for a team that handles Chef, anything else related to automation, and policy enforcement.

The code base being open source allows SAP to add new functionality and even cloud platforms to Chef InSpec’s capabilities, and therefore gives us the freedom and control to implement the detective controls we want, as long as the public cloud provider’s API supports it.

Jay Thoden van Velzen Head of Security Operations, SAP Multi Cloud

Ready to Get Started?

Contact Sales