SAP Cloud Solution – Security
About me
• Rasmi Swain
• Enterprise IT Consulting & Delivery
• Enterprise IT architecture
• SAP ECC 6.0 , SAP BW, BO–BI
• HANA Analytics, HANA Cloud
• SAP Mobility ( SMP 3.0, FIORI, MDM, Mobile Security)
• Information Security (Cloud Security, GRC, ISO 2700K)
• E-Governance & Smart City
SAP Cloud Security
Contents
• SAP Cloud Solutions
• Security Regulations
• Security Requirements
• Data Center Security
• Physical Security
• Network Security
• Data Security
• Backup/Recovery & Compliance
• Identity management
SAP a Cloud Company
• SAP + HANA+SF+ARIBA+ Sybase
• Most Comprehensive cloud portfolio solutions
• Data security and data privacy is part of the DNA
Source : SAP
SAP Cloud Portfolio
Source : SAP Cloud Documents in Public
Trust: the #1 asset in cloud business
- Security, data protection, and data privacy have become more important.
- A single case of data loss hits the whole industry.
- If a single company fails in the cloud, no vendor in this service can bet on more subscribers. It's a lose-lose.
- Handle data with the utmost discretion and allow business-critical processes to run securely.
- Protect customers against unauthorized data access and misuse, and against disclosure of confidential data.
Source : SAP
Security Regulations
• HIPAA
• PCI-DSS, ISO 27002, BS7799
• ISO 27001/27017
• PII/Privacy
• EU Data Protection 95/46/EC
• e-Privacy Directive 2002/58/EC
• ASIO-4, FIPS Moderate
• BS10012, SSAE-16/SOC2
Security Requirements
• CSP (Cloud Partner) must be compliant
• US-EU Safe Harbor
• Employee background check
• Physical security
• Physical data location
• Unauthorized data access (credential theft)
• Data theft by insiders
• Firewalls to prevent 3rd party attacks
• Operational compliance
• Shallow security
• Data portability
• Business continuity security
Data Center Security
• Areas covered: DB Security; Network Security; Compliance; Back up & Business Continuity; Location & Physical Security
• SOC2: Privacy Trust Criteria
• BS10012: Privacy Standard used internationally
• BS25999: CERTIFIED
• ISO 9001: CERTIFIED
• ISO 27001: CERTIFIED
• SSAE16: TESTIFIED
• ISAE3402: TESTIFIED*
SAP Cloud Security – Physical Security
Categories: Building, Power, Fire + Flood, Cooling
• Reinforced concrete construction
• Hundreds of surveillance cameras with digital recording
• Fully monitored doors
• Tens of thousands of environmental sensors
• Security guards and facility support team onsite 24x7x365
• Biometric sensors + card readers to access secured areas
• Multiple redundant internet connections from multiple carriers
• Redundant power sources
• Hundreds of UPS units with additional capabilities of 20 min
• Auxiliary, expandable diesel power supply, online within minutes
• Diesel fuel storage sufficient for 48 hours of operations without refueling
• Contracts with external diesel suppliers to guarantee continuous operation
• Fire and flood protection
• Redundant, environmentally friendly Inergen fire extinguisher system
• Thousands of fire and flood surveillance sensors
• 100% redundant air conditioning
• Auxiliary cooling capacity
Source – SAP
SAP Cloud Network Security
Multi-tiered Network Architecture
• End-user traffic is limited to the front Demilitarized Zone (DMZ) tier of Web servers only.
• Every tier in the hosting environment is organized into a DMZ-like pattern. This allows firewall or Virtual Local Area Network (VLAN) separation between each tier.
• Each request is validated individually before an independent request is created for the next tier.
• SSAE16-SOC2 Type II auditing twice a year.

• Reverse Proxy Farms: hide network topology
• Multiple redundant Internet Connections: limit the effect of denial of service (DoS) attacks
• Data Encryption: highest level of protection with up to 256-bit data encryption protocols using Transport Layer Security*
• Intrusion Detection System: monitor web traffic 24 x 7 x 365
• Multiple Firewalls: shield internal network from hackers
• Third Party Audits/Penetration Tests: early and independent detection of security issues (e.g. program backdoors, network vulnerabilities, …)
* formerly known as Secure Sockets Layer

Communication between client and SAP leverages Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption.
SAP solutions also support dedicated encrypted communication channels (WAN and VPN) for better access and integration.
SAP also provides customers a choice: the management of all security from top to bottom, or the ability to integrate SAP Cloud with their own industry-standard identity management solutions.
Data Security - Data Segregation
• SaaS multi-tenant architecture, example: SAP Cloud for People
• With cloud solutions from SAP, there is a logical isolation within a SaaS application that extends down to the virtual server layer. In certain environments like the SAP HANA Enterprise Cloud, organizations will also get physical isolation via dedicated SAP HANA database servers that reside in dedicated customer network segments (VLANs).

[Figure: SaaS multi-tenant architecture. Tiers: Service Tier, Application Tier, Database Tier. Components shown: Graphical User Interface, WebServices Interface, 3rd party Application, XML Abstraction Layer, Core Tenant manager, Instances A to D, four Schema blocks each holding Data and Configurations.]
• Personal credentials, optional Single Sign On
• Distinct application instance per customer enforces memory segregation
• Distinct database schema per customer enforces data segregation
Cloud SaaS delivery model- Data transmission & data flow control
Cloud solutions from SAP segregate heterogeneous data by using the following approach to build the application architecture and store the data:
• Unique database tables: Most service providers offering shared Web access have one set of database tables in a normalized database that is shared by many customers. In contrast, organizations that use cloud solutions from SAP share the network security infrastructure, Web servers, application servers, and database instance. However, each customer has its own set of database tables within its own unique database schema, which ensures complete segregation of tenants’ data.
• Dedicated database servers: In case of a SAP HANA database, SAP provides a dedicated physical database server that is located in the customer cloud network segment.
• Encrypted data storage: When cloud solutions from SAP support database or file system encryption, all encrypted data is stored on disks using a minimum of AES 128-bit encryption.
• Secure levels: In SaaS services, the top two tiers (application and Web in later levels) are completely stateless. Cloud solutions from SAP dramatically reduce the security risk of these two tiers because no sessions are kept in memory or written to disk. This approach simplifies the construction of load-balanced server farms, as there is no need to keep the workloads on any given server.
• Movement of data: It is important to remember that data is moving through multiple tiers, and each level must ensure data security. Cloud solutions from SAP use a defense-in-depth strategy to provide segregation of data at all layers.
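
An added illustration of the schema-per-tenant segregation described above (not SAP's code and not part of the original slides): a Python example that uses SQLite's ATTACH as a stand-in for per-customer schemas inside one shared database instance. The tenant ids, schema names, the `TenantStore` class and the invoice rows are all constructed for the example.

```python
import re
import sqlite3

# Constructed sample tenants: hypothetical ids, schema names and rows.
SAMPLE_TENANTS = {
    "cust-a": ("tenant_a", [("INV-1", 120.0), ("INV-2", 75.5)]),
    "cust-b": ("tenant_b", [("INV-9", 990.0)]),
}

# Schema names are SQL identifiers and cannot be bound as parameters,
# so they must match a strict pattern before being placed in a statement.
_SAFE_IDENT = re.compile(r"[a-z][a-z0-9_]{0,30}")


class TenantStore:
    """One shared database instance with one schema per tenant."""

    def __init__(self, tenants):
        # Autocommit mode: ATTACH cannot run inside an open transaction.
        self.conn = sqlite3.connect(":memory:", isolation_level=None)
        self._schemas = {}
        for tenant_id, (schema, rows) in tenants.items():
            if not _SAFE_IDENT.fullmatch(schema):
                raise ValueError(f"unsafe schema name: {schema!r}")
            # Each ATTACH creates a separate schema namespace for one tenant.
            self.conn.execute(f"ATTACH DATABASE ':memory:' AS {schema}")
            self.conn.execute(
                f"CREATE TABLE {schema}.invoices "
                "(number TEXT PRIMARY KEY, amount REAL NOT NULL)"
            )
            self.conn.executemany(
                f"INSERT INTO {schema}.invoices VALUES (?, ?)", rows
            )
            self._schemas[tenant_id] = schema

    def _schema_for(self, tenant_id):
        # The schema comes only from the server-side registry, keyed by the
        # authenticated tenant id; request data never names a schema.
        schema = self._schemas.get(tenant_id)
        if schema is None:
            raise PermissionError(f"unknown tenant: {tenant_id!r}")
        return schema

    def invoices(self, tenant_id, min_amount=0.0):
        """Return this tenant's invoices; values are bound as parameters."""
        schema = self._schema_for(tenant_id)
        cur = self.conn.execute(
            f"SELECT number, amount FROM {schema}.invoices "
            "WHERE amount >= ? ORDER BY number",
            (min_amount,),
        )
        return cur.fetchall()

    def tables_by_schema(self):
        """Audit helper: list the tables present in each schema."""
        layout = {}
        for _, name, _ in self.conn.execute("PRAGMA database_list").fetchall():
            rows = self.conn.execute(
                f"SELECT name FROM {name}.sqlite_master WHERE type = 'table'"
            ).fetchall()
            layout[name] = sorted(r[0] for r in rows)
        return layout


def build_demo_store():
    return TenantStore(SAMPLE_TENANTS)


if __name__ == "__main__":
    store = build_demo_store()
    print(store.invoices("cust-a"))
    print(store.tables_by_schema())
```

The shared connection can still reach every attached schema, so the segregation here depends on `_schema_for` being the only path to a schema name; a database that supports per-schema grants can enforce the same boundary with a separate database user per tenant.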
SAP Cloud Security – Backup/Recovery & Compliance
• Compliance features
  • Journal entries that allow tracing of business transactions to source documents
  • Number ranges that distinguish journal entries
  • Accounting-relevant data cannot be deleted from audit trails
  • Supports IFRS accounting regulations
  • Solution documentation included
  • Segregation of duties supported
Snapshots: Backups are created with snapshots from disk to disk. This ensures fast creation, backups, and, if required, fast restoration.
Frequency: Daily full backup. Log files incrementally backed up every two hours: all changes in database since the last full backup are saved.
Location: Database and log-file backups are stored in a geographically separated data center but stay in the designated region.
Objective: Recovery up to the last transaction is supported within database recovery process. Maximum lost time for customer is two hours if the primary data center is completely destroyed.
Retention times: Backups of the last 3 days are kept on primary and secondary storage. Previous backups are kept up to 14 days in the geographically separated backup data center.
SAP SaaS delivery model- Identity management
• Internal authentication: Cloud solutions from SAP use an internal repository of user profiles when customers choose not to integrate their identity management product with SAP solutions.
• Federated authentication (single sign-on): The primary transport protocol for this trust mechanism is standard Hypertext Transfer Protocol Secure (HTTPS). In the SAP HANA® Enterprise Cloud service, a direct integration into the customer network and single-sign-on implementation is possible. Cloud solutions from SAP also use single sign-on features of the SAP NetWeaver® technology platform for system-to-system and administrator authentication.
• Cloud solutions from SAP support the Lightweight Directory Access Protocol (LDAP) and tokens, such as MD5, SHA-1, HMAC encryption, DES, and 3DES.
• The solution also supports Security Assertion Markup Language (SAML 1.1, 2.0).
• SAP Supply Network Collaboration with encrypted remote function call (RFC) and client/server personal security environment (PSE) verification.
Q & A

Weitere ähnliche Inhalte

Was ist angesagt?

Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Andris Soroka
 
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Bryan Borra
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsOWASP Delhi
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-UsabilityLarry Wilson
 
IT_RFO10-14-ITS_AppendixA_20100513
IT_RFO10-14-ITS_AppendixA_20100513IT_RFO10-14-ITS_AppendixA_20100513
IT_RFO10-14-ITS_AppendixA_20100513Alexander Doré
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011Scott Carlson
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationCharles Lim
 
HP ArcSight Demonstrating ROI For a SIEM Solution
HP ArcSight Demonstrating ROI For a SIEM SolutionHP ArcSight Demonstrating ROI For a SIEM Solution
HP ArcSight Demonstrating ROI For a SIEM Solutionrickkaun
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudRightScale
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)hardik soni
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...EnergySec
 
Hp arcsight services 2014 ewb
Hp arcsight services 2014   ewbHp arcsight services 2014   ewb
Hp arcsight services 2014 ewbrty_ngtglobal
 

Was ist angesagt? (19)

Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
 
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
Tips and tricks for MSSPs leveraging HPE Security ArcSight ESM to win proof o...
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the Curve
 
Best-Practices-Web-Usability
Best-Practices-Web-UsabilityBest-Practices-Web-Usability
Best-Practices-Web-Usability
 
IT_RFO10-14-ITS_AppendixA_20100513
IT_RFO10-14-ITS_AppendixA_20100513IT_RFO10-14-ITS_AppendixA_20100513
IT_RFO10-14-ITS_AppendixA_20100513
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011
 
HP ArcSight
HP ArcSight HP ArcSight
HP ArcSight
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
Managing Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your OrganizationManaging Cloud Security Risks in Your Organization
Managing Cloud Security Risks in Your Organization
 
HP ArcSight Demonstrating ROI For a SIEM Solution
HP ArcSight Demonstrating ROI For a SIEM SolutionHP ArcSight Demonstrating ROI For a SIEM Solution
HP ArcSight Demonstrating ROI For a SIEM Solution
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Hp arcsight services 2014 ewb
Hp arcsight services 2014   ewbHp arcsight services 2014   ewb
Hp arcsight services 2014 ewb
 

Andere mochten auch

CSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud ThreatsCSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud ThreatsBitglass
 
Dimension data cloud_security_overview
Dimension data cloud_security_overviewDimension data cloud_security_overview
Dimension data cloud_security_overviewRifaHaryadi
 
Scm2008 Phelan 25 Tips And Tricks Final
Scm2008 Phelan 25 Tips And Tricks FinalScm2008 Phelan 25 Tips And Tricks Final
Scm2008 Phelan 25 Tips And Tricks FinalDennis Phelan
 
How to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsHow to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsInfo-Tech Research Group
 
Business profile-sap-parts-2015
Business profile-sap-parts-2015Business profile-sap-parts-2015
Business profile-sap-parts-2015sapparts
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
Developing and Deploying Applications on the SAP HANA Platform
Developing and Deploying Applications on the SAP HANA PlatformDeveloping and Deploying Applications on the SAP HANA Platform
Developing and Deploying Applications on the SAP HANA PlatformVitaliy Rudnytskiy
 
SAP HANA Native Application Development
SAP HANA Native Application DevelopmentSAP HANA Native Application Development
SAP HANA Native Application DevelopmentDickinson + Associates
 
SAP MM Interview questions
SAP MM Interview questionsSAP MM Interview questions
SAP MM Interview questionsIT LearnMore
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
23512555 trade-life-cycle
23512555 trade-life-cycle23512555 trade-life-cycle
23512555 trade-life-cycleahaline
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 
Basics of SAP for noobs (dummies)
Basics of SAP for noobs (dummies)Basics of SAP for noobs (dummies)
Basics of SAP for noobs (dummies)vins049
 
What Makes Great Infographics
What Makes Great InfographicsWhat Makes Great Infographics
What Makes Great InfographicsSlideShare
 

Andere mochten auch (20)

Cloud Security Overview
Cloud Security OverviewCloud Security Overview
Cloud Security Overview
 
CSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud ThreatsCSA Research: Mitigating Cloud Threats
CSA Research: Mitigating Cloud Threats
 
Dimension data cloud_security_overview
Dimension data cloud_security_overviewDimension data cloud_security_overview
Dimension data cloud_security_overview
 
Scm2008 Phelan 25 Tips And Tricks Final
Scm2008 Phelan 25 Tips And Tricks FinalScm2008 Phelan 25 Tips And Tricks Final
Scm2008 Phelan 25 Tips And Tricks Final
 
How to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS EnvironmentsHow to Secure Your IaaS and PaaS Environments
How to Secure Your IaaS and PaaS Environments
 
Business profile-sap-parts-2015
Business profile-sap-parts-2015Business profile-sap-parts-2015
Business profile-sap-parts-2015
 
HANA XS Engine
HANA XS EngineHANA XS Engine
HANA XS Engine
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
Developing and Deploying Applications on the SAP HANA Platform
Developing and Deploying Applications on the SAP HANA PlatformDeveloping and Deploying Applications on the SAP HANA Platform
Developing and Deploying Applications on the SAP HANA Platform
 
SAP HANA Native Application Development
SAP HANA Native Application DevelopmentSAP HANA Native Application Development
SAP HANA Native Application Development
 
SAP MM Interview questions
SAP MM Interview questionsSAP MM Interview questions
SAP MM Interview questions
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
23512555 trade-life-cycle
23512555 trade-life-cycle23512555 trade-life-cycle
23512555 trade-life-cycle
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud Computing
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn security
 
The new ISO 9001:2015
The new ISO 9001:2015The new ISO 9001:2015
The new ISO 9001:2015
 
SAP for Beginners
SAP for BeginnersSAP for Beginners
SAP for Beginners
 
Basics of SAP for noobs (dummies)
Basics of SAP for noobs (dummies)Basics of SAP for noobs (dummies)
Basics of SAP for noobs (dummies)
 
What Makes Great Infographics
What Makes Great InfographicsWhat Makes Great Infographics
What Makes Great Infographics
 

Ähnlich wie SAP Cloud security overview 2.0

Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339   how to secure privacy data in a hybrid s4 hana landscapeAsug84339   how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscapeDharma Atluri
 
Webinar: Cloud Storage: The 5 Reasons IT Can Do it Better
Webinar: Cloud Storage: The 5 Reasons IT Can Do it BetterWebinar: Cloud Storage: The 5 Reasons IT Can Do it Better
Webinar: Cloud Storage: The 5 Reasons IT Can Do it BetterStorage Switzerland
 
Wise Men Solutions Cloud Migration Webinar
Wise Men Solutions Cloud Migration WebinarWise Men Solutions Cloud Migration Webinar
Wise Men Solutions Cloud Migration WebinarWise Men
 
RapidScale Company Presentation
RapidScale Company PresentationRapidScale Company Presentation
RapidScale Company PresentationRapidScale
 
Leveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your BusinessLeveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your BusinessJoel Katz
 
NRB SAP Hosting & Cloud Solutions
NRB SAP Hosting & Cloud SolutionsNRB SAP Hosting & Cloud Solutions
NRB SAP Hosting & Cloud SolutionsNRB
 
Track technologique modernize data protection
Track technologique modernize data protectionTrack technologique modernize data protection
Track technologique modernize data protectionVeritas Technologies LLC
 
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...Trivadis
 
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...Dell EMC World
 
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-ServiceSun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-ServiceCallidus Software
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
1cloudstar cloud store.v1.1
1cloudstar cloud store.v1.11cloudstar cloud store.v1.1
1cloudstar cloud store.v1.11CloudStar
 
ABD212 sap hana the foundation of sap’s digital core no notes
ABD212 sap hana the foundation of sap’s digital core no notesABD212 sap hana the foundation of sap’s digital core no notes
ABD212 sap hana the foundation of sap’s digital core no notesAmazon Web Services
 
Core Archive for SAP Solutions
Core Archive for SAP SolutionsCore Archive for SAP Solutions
Core Archive for SAP SolutionsOpenText
 
Application of Cloud Computing in the Retail sector
Application of Cloud Computing in the Retail sectorApplication of Cloud Computing in the Retail sector
Application of Cloud Computing in the Retail sectorNupur Agarwal
 

Ähnlich wie SAP Cloud security overview 2.0 (20)

Asug84339 how to secure privacy data in a hybrid s4 hana landscape
Asug84339   how to secure privacy data in a hybrid s4 hana landscapeAsug84339   how to secure privacy data in a hybrid s4 hana landscape
Asug84339 how to secure privacy data in a hybrid s4 hana landscape
 
Webinar: Cloud Storage: The 5 Reasons IT Can Do it Better
Webinar: Cloud Storage: The 5 Reasons IT Can Do it BetterWebinar: Cloud Storage: The 5 Reasons IT Can Do it Better
Webinar: Cloud Storage: The 5 Reasons IT Can Do it Better
 
Wise Men Solutions Cloud Migration Webinar
Wise Men Solutions Cloud Migration WebinarWise Men Solutions Cloud Migration Webinar
Wise Men Solutions Cloud Migration Webinar
 
RapidScale Company Presentation
RapidScale Company PresentationRapidScale Company Presentation
RapidScale Company Presentation
 
Icomm cloud-backup-overview
Icomm cloud-backup-overviewIcomm cloud-backup-overview
Icomm cloud-backup-overview
 
Leveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your BusinessLeveraging The Power Of The Cloud For Your Business
Leveraging The Power Of The Cloud For Your Business
 
SAP HANA Cloud Security
SAP HANA Cloud SecuritySAP HANA Cloud Security
SAP HANA Cloud Security
 
NRB SAP Hosting & Cloud Solutions
NRB SAP Hosting & Cloud SolutionsNRB SAP Hosting & Cloud Solutions
NRB SAP Hosting & Cloud Solutions
 
Track technologique modernize data protection
Track technologique modernize data protectionTrack technologique modernize data protection
Track technologique modernize data protection
 
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
 
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
 
IT Resilience Use Case
IT Resilience Use CaseIT Resilience Use Case
IT Resilience Use Case
 
Cleversafe.PPTX
Cleversafe.PPTXCleversafe.PPTX
Cleversafe.PPTX
 
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-ServiceSun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
Sun: Solaris On-Demand Assists ISVs' Strategic Move To Software-As-A-Service
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
Iaas storage-170302090824
Iaas storage-170302090824Iaas storage-170302090824
Iaas storage-170302090824
 
1cloudstar cloud store.v1.1
1cloudstar cloud store.v1.11cloudstar cloud store.v1.1
1cloudstar cloud store.v1.1
 
ABD212 sap hana the foundation of sap’s digital core no notes
ABD212 sap hana the foundation of sap’s digital core no notesABD212 sap hana the foundation of sap’s digital core no notes
ABD212 sap hana the foundation of sap’s digital core no notes
 
Core Archive for SAP Solutions
Core Archive for SAP SolutionsCore Archive for SAP Solutions
Core Archive for SAP Solutions
 
Application of Cloud Computing in the Retail sector
Application of Cloud Computing in the Retail sectorApplication of Cloud Computing in the Retail sector
Application of Cloud Computing in the Retail sector
 

SAP Cloud security overview 2.0

  • 1. SAP Cloud Solution – Security 1
  • 2. About me • Rasmi Swain • Enterprise IT Consulting & Delivery • Enterprise IT architecture • SAP ECC 6.0 , SAP BW, BO–BI • HANA Analytics, HANA Cloud • SAP Mobility ( SMP 3.0, FIORI, MDM, Mobile Security) • Information Security (Cloud Security, GRC, ISO 2700K) • E-Governance & Smart City SAP Cloud Security 2
  • 3. Contents • SAP Cloud Solutions • Security Regulations • Security Requirements • Data Center Security • Physical Security • Network Security • Data Security • Backup/Recovery & Compliance • Identity management SAP Cloud Security 3
  • 4. SAP a Cloud Company • SAP + HANA+SF+ARIBA+ Sybase • Most Comprehensive cloud portfolio solutions • Data security and data privacy is part of the DNA SAP Cloud Security 4 Source : SAP
  • 5. SAP Cloud Portfolio SAP Cloud Security 5 Source : SAP Cloud Documents in Public
  • 6. Trust the #1 asset in cloud business - Security, data protection, and data privacy became more important. - And a single case of data loss hits the whole industry. - If a single company fails in the cloud, no vendor in this service can bet on more subscribers. It´s a loss-loss. - handle data with the utmost discretion and allow business-critical processes to run securely. - Protect customer against unauthorized data access and misuse, confidential data disclosure SAP Cloud Security 6 Source : SAP
  • 7. Security Regulations • HIPAA • PCI-DSS, ISO 27002, BS7799, • ISO 27001/27017 • PII/ Privacy • EU Data Protection 95/46/EC • e-Privacy Directive 2002/58/EC • ASIO-4, FIPS Moderate, • BS10012, SSAE-16/SOC2 SAP Cloud Security 7
  • 8. Security Requirements • CSP (Cloud Partner) must be complaint • US-EU safe Harbor • Employee Background check • Physical Security • Physical data location • Unauthorized data access (credential steals) SAP Cloud Security 8 • Data steal from insiders • Firewalls to prevent 3rd party attacks • Operational compliance • Shallow security • Data Portability • Business Continuity Security
  • 9. Data Center Security
      • Diagram labels: DB Security, Network Security, Compliance, Back up & Business Continuity, Location & Physical Security
      • SOC2: Privacy Trust Criteria
      • BS10012: Privacy Standard used internationally
      • BS25999 CERTIFIED
      • ISO 9001 CERTIFIED
      • ISO 27001 CERTIFIED
      • SSAE16 TESTIFIED
      • ISAE3402 TESTIFIED*
  • 10. SAP Cloud Security – Physical Security (Source: SAP)
      • Slide columns: Building, Power, Fire + Flood, Cooling
      • Reinforced concrete construction
      • Hundreds of surveillance cameras with digital recording
      • Fully monitored doors
      • Tens of thousands of environmental sensors
      • Security guards and facility support team onsite 24x7x365
      • Biometric sensors + card readers to access secured areas
      • Multiple redundant internet connections from multiple carriers
      • Redundant power sources
      • Hundreds of UPS units with additional capabilities of 20 min
      • Auxiliary, expandable diesel power supply, online within minutes
      • Diesel fuel storage sufficient for 48 hours of operations without refueling
      • Contracts with external diesel suppliers to guarantee continuous operation
      • Fire and flood protection
      • Redundant, environmentally friendly Inergen fire extinguisher system
      • Thousands of fire and flood surveillance sensors
      • 100% redundant air conditioning
      • Auxiliary cooling capacity
  • 11. SAP Cloud Network Security
      • Multi-tiered Network Architecture: End-user traffic is limited to the front Demilitarized Zone (DMZ) tier of Web servers only. Each single tier in the hosting environment is organized into a DMZ-like pattern. This allows a firewall or Virtual Local Area Network (VLAN) separation between each tier. Each request is individually validated before an independent request is created for the next tier. SSAE16-SOC2 Type II auditing twice a year.
      • Reverse Proxy Farms: Hide network topology
      • Multiple redundant Internet Connections: Limit the effect of denial of service (DoS) attacks
      • Data Encryption: Highest level of protection with up to 256-bit data encryption protocols using Transport Layer Security*
      • Intrusion Detection System: Monitor web traffic 24 x 7 x 365
      • Multiple Firewalls: Shield internal network from hackers
      • Third Party Audits/Penetration Tests: Early and independent detection of security issues (e.g. program backdoors, network vulnerabilities,…)
      • * formerly known as Secure Sockets Layer
      • Communication between client and SAP leverages Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption. SAP solutions also support dedicated encrypted communication channels (WAN and VPN) for better access and integration. SAP also provides customers a choice: the management of all security from top to bottom, or the ability to integrate SAP Cloud with their own industry-standard identity management solutions.
  • 12. Data Security - Data Segregation
      • SaaS multi-tenant architecture - example SAP Cloud for People
      • With cloud solutions from SAP, there is a logical isolation within a SaaS application that extends down to the virtual server layer. In certain environments like the SAP HANA Enterprise Cloud, organizations will also get physical isolation via dedicated SAP HANA database servers that reside in dedicated customer network segments (VLANs).
      • Diagram labels: Service Tier, Application Tier, Database Tier; Graphical User Interface, WebServices Interface, XML Abstraction Layer; Application Core, Tenant manager, 3rd party; Instance A, Instance B, Instance C, Instance D (shown in two tiers); one Schema (Data, Configurations) per instance; Personal credentials; Optional Single Sign On
      • Distinct application instance per customer enforces memory segregation
      • Distinct database schema per customer enforces data segregation
  • 13. Cloud SaaS delivery model - Data transmission & data flow control
      Cloud solutions from SAP segregate heterogeneous data by using the following approach to build the application architecture and store the data:
      • Unique database tables: Most service providers offering shared Web access have one set of database tables in a normalized database that is shared by many customers. In contrast, organizations that use cloud solutions from SAP share the network security infrastructure, Web servers, application servers, and database instance. However, each customer has its own set of database tables within its own unique database schema, which ensures complete segregation of tenants' data.
      • Dedicated database servers: In case of a SAP HANA database, SAP provides a dedicated physical database server that is located in the customer cloud network segment.
      • Encrypted data storage: When cloud solutions from SAP support database or file system encryption, all encrypted data is stored on disks using a minimum of AES 128-bit encryption.
      • Secure levels: In SaaS services, the top two tiers (application and Web in later levels) are completely stateless. Cloud solutions from SAP dramatically reduce the security risk of these two tiers because no sessions are kept in memory or written to disk. This approach simplifies the construction of load-balanced server farms, as there is no need to keep the workloads on any given server.
      • Movement of data: It is important to remember that data is moving through multiple tiers, and each level must ensure data security. Cloud solutions from SAP use a defense-in-depth strategy to provide segregation of data at all layers.
  • 14. SAP Cloud Security – Backup/Recovery & Compliance
      • Compliance features
          • Journal entries that allow tracing of business transactions to source documents
          • Number ranges that distinguish journal entries
          • Accounting-relevant data cannot be deleted from audit trails
          • Supports IFRS accounting regulations
          • Solution documentation included
          • Segregation of duties supported
      • Snapshots: Backups are created with snapshots from disk to disk. This ensures fast creation, backups, and, if required, fast restoration.
      • Frequency: Daily full backup. Log files incrementally backed up every two hours: all changes in database since the last full backup are saved.
      • Location: Database and log-file backups are stored in a geographically separated data center but stay in the designated region.
      • Objective: Recovery up to the last transaction is supported within database recovery process. Maximum lost time for customer is two hours if the primary data center is completely destroyed.
      • Retention times: Backups of the last 3 days are kept on primary and secondary storage. Previous backups are kept up to 14 days in the geographically separated backup data center.
  • 15. SAP SaaS delivery model - Identity management
      • Internal authentication: Cloud solutions from SAP use an internal repository of user profiles when customers choose not to integrate their identity management product with SAP solutions.
      • Federated authentication (single sign-on): The primary transport protocol for this trust mechanism is standard Hypertext Transfer Protocol Secure (HTTPS). In the SAP HANA® Enterprise Cloud service, a direct integration into the customer network and single-sign-on implementation is possible. Cloud solutions from SAP also use single sign-on features of the SAP NetWeaver® technology platform for system-to-system and administrator authentication.
      • Cloud solutions from SAP support the Lightweight Directory Access Protocol (LDAP) and tokens, such as MD5, SHA-1, HMAC encryption, DES, and 3DES.
      • The solution also supports Security Assertion Markup Language (SAML 1.1, 2.0).
      • SAP Supply Network Collaboration with encrypted remote function call (RFC) and client/server personal security environment (PSE) verification.
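
The contrast slide 13 draws between one shared set of tables and a distinct schema per customer, as an added example that is not from the slides or from SAP. SQLite files stand in for per-tenant schemas; the tenant names, the `documents` table and the rows are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample rows: (tenant, document name).
ROWS = [("acme", "invoice-1"), ("acme", "invoice-2"), ("globex", "invoice-9")]


def shared_table_query(tenant, forget_filter=False):
    """Shared-table model: all tenants' rows sit in one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (tenant_id TEXT, name TEXT)")
    db.executemany("INSERT INTO documents VALUES (?, ?)", ROWS)
    if forget_filter:  # one query without the tenant predicate exposes every tenant
        cur = db.execute("SELECT name FROM documents ORDER BY name")
    else:
        cur = db.execute(
            "SELECT name FROM documents WHERE tenant_id = ? ORDER BY name", (tenant,))
    names = [row[0] for row in cur]
    db.close()
    return names


def build_tenant_schemas(directory):
    """Schema-per-tenant model: each tenant gets its own schema (one file here)."""
    for tenant in sorted({t for t, _ in ROWS}):
        db = sqlite3.connect(os.path.join(directory, tenant + ".db"))
        db.execute("CREATE TABLE documents (name TEXT)")
        db.executemany("INSERT INTO documents VALUES (?)",
                       [(n,) for t, n in ROWS if t == tenant])
        db.commit()
        db.close()


def schema_query(directory, tenant,
                 sql="SELECT name FROM tenant.documents ORDER BY name"):
    """Run sql in a session that has only this tenant's schema attached."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ? AS tenant", (os.path.join(directory, tenant + ".db"),))
    try:
        return [row[0] for row in db.execute(sql)]
    finally:
        db.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_tenant_schemas(d)
        print(shared_table_query("acme", forget_filter=True))  # includes globex's row
        print(schema_query(d, "acme"))                          # acme's rows only
```

In the schema-per-tenant session the default query carries no tenant predicate at all and still returns only that tenant's rows, and a query naming another tenant's schema fails because that schema was never attached to the session.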