Protect Your Data
We can help you identify security risks and recommend best practices.
SAP on Cloud Security
Running SAP applications on a hyperscale Cloud platform allows your organization to strengthen its security posture, simplify compliance and automate routine security tasks.
To support your compliance efforts, Lemongrass regularly undergoes external auditing for SOC1, SOC2, and ISO certifications. This, along with customer audits from various industries including Finance, Retail, Pharma, Healthcare, and others, enables Lemongrass to meet all necessary compliance requirements.
Experience Supporting Sensitive Workloads
We support clients in highly-regulated industries moving their workloads to the Cloud as part of their IT modernization plans. These workloads involve mission-critical applications and sensitive data, and the added security and compliance scrutiny to keep them protected can be challenging. Lemongrass has a proven track record of providing Cloud services supporting sensitive enterprise data and applications in regulated environments. We help our customers meet strict mandates and guidelines with services and solutions designed to help them accelerate their security and compliance in the Cloud.
Security and Compliance Certifications
Lemongrass maintains, and is audited on a 6-month rolling cycle against, SOC 1 (Type II), SOC 2 (Type II), ISO 9001, ISO 27001:2022 and ISO 27018. In addition, we maintain our own sets of security controls that we apply as standard to all environments for which we have management responsibility. These are aligned to industry good-practice frameworks, including NIST CSF and the CIS benchmarks.
Dedicated Infrastructure
The Lemongrass Landing Zone is comprised of dedicated accounts and segmented networks per SAP environment. We ensure network and security segregation between environments and applications.
Secure Enough for Regulated Enterprise Workloads
Lemongrass has worked closely with numerous customers in regulated environments, including Government, Life Sciences, and Finance sectors. This allows us to build on our extensive experience and expertise to ensure that we can meet many regulatory and compliance requirements for our customers’ workloads running on the Cloud.
Lemongrass Platform Security Framework

Secure by Design
Lemongrass embraces the Secure by Design principles and is a signatory of CISA’s Secure by Design pledge. We ensure that our systems are built to be Secure by Design, deployed in a way that is Secure by Default, and are Operated Securely. We take a sophisticated risk-led approach to vulnerability management and partner with world-leading SecOps providers to ensure that we help protect our customers from cyber threats.
Security Capabilities and Services

Attack Surface Management (ASM)
Vulnerability tooling operates at different layers of the technology stack: it’s often different teams that deal with Cloud infrastructure, OS and the application layers, so how do you know where you carry the greatest risk? Most vulnerability management processes focus on the NIST CVSS score: SLAs create misaligned incentives to address higher-scoring vulnerabilities on unimportant systems over more-impactful vulnerabilities on critical business systems. Some remediations address whole classes of vulnerabilities – how do you know which of them give you the biggest impact? ASM addresses all of these issues.
ASM uses the Nucleus SaaS platform to automatically collect, deduplicate and prioritize vulnerabilities based on their inherent risk, the business context of the device on which they reside, and how threat actors are exploiting them. It integrates with a range of popular vulnerability scanning tools including Qualys, Wiz, Nessus, Avantra and CrowdStrike, as well as the native CSPM tooling of the major Cloud service providers. Benefits include:
- A current prioritized “top ten” ranked by a simple combined risk score tells you the most important cyber risks to your business at a glance, so you can be sure the Lemongrass team is focused on the right things.
- ASM integrates with your existing vulnerability scanners: no need to change your installed agents.
- See what your most-vulnerable assets are, and which remediations give you the greatest risk reduction across your estate.
Security Operations (SecOps)
Threat actors are becoming ever more sophisticated in their tooling and techniques. The preventative and detective security controls that we rely on cannot always defend us against the most advanced threats. Security Operations is there to catch what gets through. Lemongrass manages some of your business’s most important systems, so we partner with the world’s best SecOps providers to help keep your most-valuable IT assets protected.
Lemongrass partners with CrowdStrike to provide world-class monitoring and defense of your cloud-hosted IT environments. CrowdStrike’s Falcon Complete service provides Tier 1 and Tier 2 SOC services, continuously monitoring the cloud and OS layers of your IT estate for evidence of threat actor activity and taking active measures to stop them. CrowdStrike’s “rules of engagement” for each asset are agreed in advance with you: proactively isolating non-critical systems without risking unwarranted downtime for your mission-critical servers. Lemongrass’s own SOC acts in a Tier 3 capacity, coordinating the work of CrowdStrike with our own Operations teams who have a deep understanding of your environment and its business context. A future evolution of our SecOps service wrap will cover the SAP application layer, likewise coordinated by the Lemongrass SOC. Benefits include:
- CrowdStrike managed Tier 1/2 SOC continuously monitors and protects your environment at the Cloud, Network and OS layers.
- Lemongrass Tier 3 SOC coordinates with CrowdStrike and our operations teams who use their thorough knowledge of your environment and systems to take the most-appropriate defensive action.
Threat Hunting
The cybersecurity landscape is saturated with threats—ranging from opportunistic malware to highly motivated and well-funded threat actors. While technical and procedural security controls are essential, they often fall short in detecting targeted attacks crafted specifically for your organization. Your business’s unique combination of industry, geography, and technology stack makes you a valuable and specific target. Adversaries leverage tailored tactics, techniques, and procedures (TTPs) to bypass generic defenses, often remaining undetected for extended periods. Waiting for alerts isn’t enough—the most dangerous threats won’t trigger one.
Lemongrass targeted Threat Hunting provides a proactive, intelligence-driven approach to threat detection. Our expert security team uses Threat Intelligence to identify and profile adversaries who are actively targeting organizations like yours. We build custom hypotheses based on known tactics, techniques, and procedures (TTPs) and conduct a focused hunt for high-fidelity Indicators of Compromise (IoCs) in your environment. This allows us to expose hidden threats, validate security assumptions, and strengthen your overall security posture. Benefits include:
- Focused Detection on Real Threats: Zero in on adversaries who are actually targeting your business—not theoretical threats.
- Faster Threat Discovery: Uncover sophisticated threats earlier in the attack chain, before they can cause major damage.
- Enhanced Security Posture: Improve your organization’s ability to detect and respond to complex threats.
- Custom-Fit to Your Risk Profile: Tailored investigations based on your specific industry, location, and technology footprint.
- Threat Intelligence in Action: Turn threat data into proactive security action by linking TTPs and high-fidelity IoCs to real-time findings.
- Expert-Led Investigations: Access the knowledge and precision of experienced security professionals with deep threat hunting expertise.

