Page 1
SAP CLOUD SECURITY
By Gaurav Ahluwalia
Page 2
INTRODUCTION
Information Security is not just a buzzword for the SAP Security, Risk & Compliance Office; it is our daily work, our passion, and the principle
that drives us. We strive to provide the best security and data protection possible to SAP and our customers. Each customer is treated as if
they were our only customer. That is the kind of commitment and importance we work to achieve, every single day. We have consistently been
certified to internationally recognized standards such as ISO 9001 for Quality Management and ISO 27001 for Information Security, provide
SOC1 and SOC2 reports twice a year, and use industry-accepted best practices such as COBIT and the ISF Standard of Good Practice
for Information Security to assure the best possible security and risk management approach. You can rest assured that your information is
in good, experienced hands.
Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure,
disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data
may take (e.g. electronic, physical).
Sometimes referred to as computer security, information technology security is information security applied to technology (most often
some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any
device with a processor and some memory. Such devices can range from non-networked standalone devices as simple as calculators, to
networked mobile computing devices such as smartphones and tablet computers. IT security specialists are almost always found in any
major enterprise or establishment because of the nature and value of the data within larger businesses. They are responsible for keeping all of
the technology within the company secure from malicious cyber-attacks, which often attempt to break into critical private information or
gain control of the internal systems.
Page 3
Figure: Information Security Attributes, or qualities: Confidentiality, Integrity and Availability (CIA).
Page 4
HANA ENTERPRISE CLOUD (HEC) - HIGH LEVEL OVERVIEW
#: refers to one customer; MPLS: Multiprotocol Label Switching; VPN: Virtual Private Network
The fundamental security architecture of the HEC infrastructure is the principle of a private cloud. This means each customer receives an isolated,
logical grouping of several virtual machines and physical systems. All customer networks are completely isolated from each other. HEC
administrative tasks are performed over dedicated management networks.
Page 5
Clouds #1, #2 and #3 are the customer clouds. A shared administrative infrastructure is available alongside them, for example tape
drives or the hardware modules used to take backups, networking resources, and an admin firewall that bridges to the SAP corporate network
(the actual SAP operations staff), from which operators log on to HEC and check its health.
Customer-specific clouds are isolated from each other and do not interact unless a specific interface exists for a
business need. In short, every instance is virtualized, and downtime on the virtual clouds is minimal. The whole
architecture is highly robust, corresponding to the Tier quality of the data center, which in turn is reflected in the cost to the customer.
Cloud hosting of business systems is not new; as a point of reference for pricing, here is a sample Google Cloud pricing sheet for App Engine.
Resource                                          Unit                    Unit cost (in US $)
Standard Runtime Instances*                       Instance hours          $0.05
Outgoing Network Traffic                          Gigabytes               $0.12
Incoming Network Traffic                          Gigabytes               Free
Datastore Storage                                 Gigabytes per month     $0.18
Blobstore, Logs, and Task Queue Stored Data       Gigabytes per month     $0.03
Dedicated Memcache                                Gigabytes per hour      $0.06
Logs API                                          Gigabytes               $0.12
SSL Virtual IPs** (VIPs)                          Virtual IP per month    $39.00
Sending Email, Shared Memcache, Cron, APIs (URLFetch, Task Queues, Image, Sockets, Files, Users, and Channel)   No Additional Charge
Looking closely at the sheet shows low costs for running an IT solution at high availability, which can further reduce the total cost of
ownership (TCO) of the IT solution. Cloud computing for SAP would take away the large maintenance costs that a client currently pays to different
outsourcing partners for hardware, software AMC and other consulting charges in order to keep its SAP systems healthy.
Page 6
A client might pay the HEC service provider (PaaS) a lump sum to run the SAP system as a whole. HEC might also bring an app-based
approach to SAP.
Figure: Your deployed application in HANA cloud platform.
So if you want to do a small rollout, you can precisely give out AMCs on the number of HTML5 apps you would be developing on HCP as an SAP
partner and package your code as a BSP application. This code might talk to your native SAP system, SuccessFactors or Hybris, whichever underlying
mother system exists for HANA. Security concerns around these small extension apps would be an issue to research. Right now SAP supports
all the new authentication technologies, such as OAuth, SAML 2.0 single sign-on, Kerberos tokens and X.509 client certificates.
Page 7
The following is an overview of the SAP HANA Cloud Platform.
Figure: Features of Hana Cloud Platform --- We can create extension apps on every engine in platform.
Page 8
HANA ENTERPRISE CLOUD (HEC) - HIGH LEVEL OVERVIEW CONTD..
The following figure shows the HANA cloud in more detail, with descriptions.
Page 9
HANA ENTERPRISE CLOUD (HEC) - DETAILS
Details for Customer Landscapes
Page 10
HANA VIRTUALIZATION TECHNOLOGY AND SECURITY
Virtualization technologies like VMware vSphere provide:
• High Availability. Reduces unplanned downtime and provides higher service levels for applications. In the event of an unplanned hardware failure, affected
virtual machines automatically restart on another host in the vSphere cluster.
• Automation. VMware's automated load balancing takes advantage of vMotion and Storage vMotion to migrate virtual machines among a set of VMware ESXi™
hosts. VMware vSphere Storage DRS and DRS allow automatic resource relocation and optimization for virtual machines and related storage.
• Provisioning. VMware virtualization encapsulates an application into an image that can be duplicated or moved, which greatly reduces the cost of application
provisioning and deployment.
Figure: VMware vSphere virtual infrastructure
Page 11
INSTRUCTION ISOLATION
Figure: Instruction Isolation
Page 12
MEMORY ISOLATION
Figure: Memory Isolation
Figure: Transparent Page Sharing – Page-Content Hashing
Page 13
I/O REMAPPING
Figure: I/O Remapping -- Data Paths via the Hypervisor and DirectPath I/O
Page 14
Resource Provisioning, Shares, and Limits. In a virtualized environment, resources are shared among all virtual machines, but because system
resources are managed by the hypervisor, usage limits can be enforced on individual virtual machines.
NETWORK ISOLATION
Figure: Increasing Sensitivity of Networks in Virtual Infrastructures
Figure: Network Isolation
Through a firewall at the level of the virtual network interface controller (vNIC), a virtual machine can be isolated from other virtual machines, even on the
same virtual switch (layer 2 isolation).
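The following Python script is an added example, not SAP or VMware code. It audits a constructed set of per-vNIC firewall rules against the isolation model described on these slides: a customer's VMs may talk to each other and to the admin network, cross-customer traffic needs a specifically approved interface, and every vNIC must end in a default deny. The names (ADMIN_NET, the VM inventory, the rule list) are assumptions made for the example.

```python
"""Audit per-vNIC firewall rules for cross-customer leakage.

Added example, not SAP or VMware code. It models the HEC rule that
customer clouds do not interact unless a specific interface is approved
for a business need, that management traffic arrives only via the admin
firewall, and that every vNIC ends in a default deny. All names, the
inventory and the rules below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

ADMIN_NET = "admin-firewall"  # assumed label for the SAP management hop


@dataclass(frozen=True)
class Rule:
    vm: str       # VM whose vNIC carries this rule
    peer: str     # another VM name, ADMIN_NET, or "any"
    action: str   # "allow" or "deny"; rules are evaluated first match


# constructed inventory: VM name -> customer cloud (#1, #2, #3 on the slide)
INVENTORY: Dict[str, str] = {
    "erp-01": "cust1", "hana-01": "cust1", "erp-02": "cust2", "bw-03": "cust3",
}

# constructed set of business-approved interfaces between customer clouds
APPROVED: FrozenSet[FrozenSet[str]] = frozenset({frozenset({"cust1", "cust2"})})

RULES: List[Rule] = [
    Rule("erp-01", "hana-01", "allow"),
    Rule("erp-01", ADMIN_NET, "allow"),
    Rule("erp-01", "any", "deny"),
    Rule("hana-01", "erp-01", "allow"),
    Rule("hana-01", "erp-02", "allow"),  # cust1 <-> cust2 is approved
    Rule("hana-01", ADMIN_NET, "allow"),
    Rule("hana-01", "any", "deny"),
    Rule("erp-02", "bw-03", "allow"),    # cust2 -> cust3 is NOT approved
    Rule("erp-02", ADMIN_NET, "allow"),
    Rule("erp-02", "any", "deny"),
    Rule("bw-03", "any", "allow"),       # wide-open vNIC, no default deny
]


def audit(inventory: Dict[str, str], rules: List[Rule],
          approved: FrozenSet[FrozenSet[str]]) -> List[str]:
    """Return one finding per isolation violation, in inventory order."""
    by_vm: Dict[str, List[Rule]] = {}
    for rule in rules:
        by_vm.setdefault(rule.vm, []).append(rule)
    findings: List[str] = []
    for vm, cust in inventory.items():
        vm_rules = by_vm.get(vm, [])
        # first-match evaluation: the last rule must be the catch-all deny
        if not vm_rules or vm_rules[-1] != Rule(vm, "any", "deny"):
            findings.append(f"{vm}: vNIC has no trailing default-deny rule")
        for rule in vm_rules:
            if rule.action != "allow" or rule.peer == ADMIN_NET:
                continue
            if rule.peer == "any":
                findings.append(f"{vm}: allow-any rule defeats layer-2 isolation")
                continue
            peer_cust = inventory.get(rule.peer)
            if peer_cust is None:
                findings.append(f"{vm}: allow to unknown peer {rule.peer}")
            elif peer_cust != cust and frozenset({cust, peer_cust}) not in approved:
                findings.append(f"{vm} ({cust}) -> {rule.peer} ({peer_cust}): "
                                "cross-customer allow without an approved interface")
    return findings


if __name__ == "__main__":
    for line in audit(INVENTORY, RULES, APPROVED):
        print(line)
```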
Page 15
STORAGE ISOLATION
Figure: Virtual Firewall at the vNIC Level
Figure: NFS and Block Storage I/O
Page 16
HANA ENTERPRISE CLOUD (HEC) – DETAILS CONTD..
Details for Network Integration
Page 17
HANA ENTERPRISE CLOUD (HEC) - DETAILS
Details for Public Internet Access
Page 18
BITS AND PIECES OF REVERSE PROXY FARMS
This diagram shows part of the network for the reverse proxy farms set up inside HEC for the different client clouds, given that every client's domain name is different.
Page 19
FEATURES OF HANA ENTERPRISE CLOUD SECURITY
• Advanced IT Security Architecture
o Isolated, separated Landscape per Customer
o Security hardened Systems
• Secure Operations
o Asset Management
o Change Management
o Incident Management
o Anti-Virus & Malware Management
o Backup / Restore Management
o Identity & Access Management
o Security Awareness Trainings
• Security measures are audited and confirmed through various Certifications & Attestations
o ISO Certificates
  - ISO 9001 Quality Management System
  - ISO 27001 Information Security Management System
o SOC1 (ISAE3402/SSAE16) Type I & Type II
o SOC2 Type I & Type II
o Industry specific Certificates (on demand with business case foundation)
• Network Security
o Network Filtering
o Intrusion Prevention Systems
Page 20
o Web Application Firewall
o 2-factor Authentication
o Network Admission Control – Proxies with Content Filtering
o Advanced threat management
• Physical Security
o Video and Sensor Surveillance
o Access Logging
o Security Guards
o Fire Detection and Extinguishing System
o Uninterruptible Power Supply
o Biometric Access Control in certain Locations
• Threat & Vulnerability Management
o Security Patch Management
o Penetration Testing
o Vulnerability Scanning
o 24 x 7 Security Monitoring Center
• Customer data flow control
o Regional Data Storage (e.g. EU-, US-Cloud)
o European data protection and privacy policy
Page 21
DATA CENTER – SECURITY REQUIREMENTS
SAP Cloud Solutions and Customer Data need to be operated in an SAP Tier Level III, III+ or IV classified Data Center. SAP checks on site the compliance with the SAP Data
Center minimum physical security standard, which covers topics like:
o Perimeter & Location security
o Building entry point security
o Building Security
o Access Controls & Monitoring
o General access and
o Access to dedicated SAP areas
o Fire Protection
o Electrical Power supply
o Certifications of the DC Provider
Page 22
Minimum availability requirements                  Tier I   Tier II   Tier III   Tier III+   Tier IV
Stand-alone Data Center building necessary         no       no        no         yes         yes
Number of external electrical power suppliers      1        1         1          1           2
Number of transformers to power the Data Center    n        n         n + 1      n + 1       2n
UPS battery system necessary                       no       yes       yes        yes         yes
Minutes UPS must provide power                     0        5         >10        >10         >10
Number of UPS systems necessary                    n        n         n + 1      n + 1       2n
(Diesel) generators needed                         no       no        yes        yes         yes
Number of cooling systems needed                   n        n         n + 1      n + 1       2n
Server cooling independent from office AC          no       no        yes        yes         yes
Fire detection system must be installed            yes      yes       yes        yes         yes
Fire extinguishing system must be installed        no       yes       yes        yes         yes
On-site response time of Data Center personnel     <48h     <8h       <1h        <1h         <1h
Available WAN network connection lines             1        n + 1     n + 1      n + 1       2n
Available LAN network connection lines             n        n + 1     n + 1      2n          2n
Data center security requirements for SAP (n is the number of units needed to carry the full load).
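As an added example (not SAP tooling), the Python below turns the tier table above into a classifier: each row becomes a check, `highest_tier` reports the best tier a facility satisfies, `failures` lists the gaps to a target tier, and `hec_eligible` applies the Tier III / III+ / IV rule stated on the previous slide. The sample facility is constructed, and the reading of ">10" as strict and "5" as a minimum is an assumption.

```python
"""Classify a data center against SAP's tier requirement table.
Added example, not SAP tooling: each row of the table above becomes a
check, and the code reports the highest tier a facility satisfies plus
the gaps to a target tier. Redundancy cells (n, n + 1, 2n) are read
relative to `needed`, the count n that carries the load. SAMPLE is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple

TIERS = ["I", "II", "III", "III+", "IV"]


@dataclass(frozen=True)
class Redundant:
    needed: int     # n: units required to carry the full load
    installed: int

    def meets(self, rule: str) -> bool:
        """rule is a table cell: "1", "n", "n+1" or "2n"."""
        if rule == "1":
            return self.installed >= 1
        if rule == "2n":
            return self.installed >= 2 * self.needed
        return self.installed >= self.needed + {"n": 0, "n+1": 1}[rule]


@dataclass(frozen=True)
class DataCenter:
    standalone_building: bool
    power_suppliers: int
    transformers: Redundant
    ups_present: bool
    ups_minutes: float
    ups_systems: Redundant
    generators: bool
    cooling: Redundant
    cooling_independent_of_office_ac: bool
    fire_detection: bool
    fire_extinguishing: bool
    response_time_hours: float
    wan_lines: Redundant
    lan_lines: Redundant


def _flag(attr: str) -> Callable[[DataCenter, bool], bool]:
    # yes/no row: a "yes" cell requires the flag, a "no" cell accepts anything
    return lambda dc, required: getattr(dc, attr) or not required


def _redundant(attr: str) -> Callable[[DataCenter, str], bool]:
    return lambda dc, rule: getattr(dc, attr).meets(rule)


# row -> (cell per Tier I, II, III, III+, IV; check(dc, cell))
ROWS: Dict[str, Tuple[Sequence[object], Callable]] = {
    "stand-alone building": ([False, False, False, True, True], _flag("standalone_building")),
    "external power suppliers": ([1, 1, 1, 1, 2], lambda dc, v: dc.power_suppliers >= v),
    "transformers": (["n", "n", "n+1", "n+1", "2n"], _redundant("transformers")),
    "UPS battery system": ([False, True, True, True, True], _flag("ups_present")),
    # the table's ">10" is strict, its "5" is a minimum: cell = (minutes, strict)
    "UPS minutes": ([(0, False), (5, False), (10, True), (10, True), (10, True)],
                    lambda dc, v: dc.ups_minutes > v[0] if v[1] else dc.ups_minutes >= v[0]),
    "UPS systems": (["n", "n", "n+1", "n+1", "2n"], _redundant("ups_systems")),
    "generators": ([False, False, True, True, True], _flag("generators")),
    "cooling systems": (["n", "n", "n+1", "n+1", "2n"], _redundant("cooling")),
    "cooling independent of office AC": ([False, False, True, True, True],
                                         _flag("cooling_independent_of_office_ac")),
    "fire detection": ([True] * 5, _flag("fire_detection")),
    "fire extinguishing": ([False, True, True, True, True], _flag("fire_extinguishing")),
    "on-site response time": ([48, 8, 1, 1, 1], lambda dc, v: dc.response_time_hours < v),
    "WAN lines": (["1", "n+1", "n+1", "n+1", "2n"], _redundant("wan_lines")),
    "LAN lines": (["n", "n+1", "n+1", "2n", "2n"], _redundant("lan_lines")),
}


def failures(dc: DataCenter, tier: str) -> List[str]:
    """Rows of the table that `dc` does not satisfy for `tier`."""
    col = TIERS.index(tier)
    return [row for row, (cells, check) in ROWS.items() if not check(dc, cells[col])]


def highest_tier(dc: DataCenter) -> Optional[str]:
    """Highest tier with no failing row, or None if even Tier I fails."""
    return next((t for t in reversed(TIERS) if not failures(dc, t)), None)


def hec_eligible(dc: DataCenter) -> bool:
    """SAP requires a Tier III, III+ or IV classified data center."""
    return highest_tier(dc) in ("III", "III+", "IV")


# constructed facility: shared building, one utility feed, n + 1 redundancy
SAMPLE = DataCenter(
    standalone_building=False, power_suppliers=1, transformers=Redundant(2, 3),
    ups_present=True, ups_minutes=15, ups_systems=Redundant(2, 3), generators=True,
    cooling=Redundant(2, 3), cooling_independent_of_office_ac=True, fire_detection=True,
    fire_extinguishing=True, response_time_hours=0.5, wan_lines=Redundant(1, 2),
    lan_lines=Redundant(2, 3),
)
```

Running `failures(SAMPLE, "IV")` shows exactly which rows (second utility feed, 2n transformers, UPS, cooling and LAN lines, own building) separate an n + 1 facility from Tier IV.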
Page 23
HEC DATACENTERS
Current Status Tier Level & Certifications
Page 24
WHY HANA ENTERPRISE CLOUD (HEC) IS BETTER
SAP has a long-standing tradition in security of its solutions and takes demands from customers on cloud security very seriously.
a) Strong collaboration between the Security, Operations and Product Development teams.
o Strong collaboration between the Product Security team and the Operations Security team ensures that proper security and compliance
are implemented in HEC products.
o Identified issues are communicated directly to the Product Development team to ensure immediate fixes.
o Strong collaboration between the Security team and the Operations team ensures that security requirements are defined individually per
Cloud product within HEC.
o The Security team consults the Operations team in defining and implementing the security measures per asset individually.
o Regular monitoring ensures timely identification of issues.
b) Multi Layers of defense to protect our Customer’s data.
Page 25
c) Holistic Security & Compliance approach: integrated, monitored and validated by external audits.
o HEC leverages a multi-dimensional security and compliance approach to establish and maintain state-of-the-art Security &
Compliance.
o The following two slides describe the key aspects of the holistic Security & Compliance Approach.
o Protection Goal
i. Security (CIA): HEC focuses on confidentiality and integrity of data as well as availability of customer systems and central
infrastructure.
ii. Data Protection: HEC is fully committed to data protection and privacy. SAP is a global company with its headquarters in Germany,
which is a member of the European Union (EU). Therefore our policy is based on the definitions of European Data Protection
legislation and defines the basic principles applicable to every SAP entity *). HEC respects data protection and privacy rights
and safeguards any Personal Data of our customers.
o IP Protection: HEC in addition focuses on the protection of your intellectual property. Access to data is strictly limited according to
the need-to-know principle. Strict separation of customer systems is a given.
Page 26
o Demands & Enforcement –
i. Requirements / Measures --- SAP has a strict policy framework which is broken down into detailed technical procedures
for operations.
ii. Monitoring --- Regular monitoring ensures timely identification of deviations and initiates fixes quickly.
iii. Audits
i. During the Compliance & Certification Audits we ask external experts to verify our security effectiveness.
ii. Through regular supplier audits, we ensure the security effectiveness of suppliers and sub-contractors.
o Scoping –
i. Technology-
a. Secure operability of HEC products is monitored. Issues are directly addressed to Product Development team.
b. Our security scope covers all infrastructure components and tools required to operate and manage HEC.
ii. Processes-
All relevant processes for cloud product development and cloud operations are within the security scope.
iii. People-
Regular training and evaluation is key to ensure proper operations of HEC.
d) Customer can select the region of data storage.
a. The physical storage of customer data is crucial to numerous enterprises. Therefore, our HEC customers can choose if their data
is stored in cloud data centers located in the USA or in Europe.
b. The general rule is: we have clear, company-wide guidelines in place that define how we respond to requests for customer
data coming from law enforcement authorities and regarding national security concerns. We take our commitment to our
customers and legal compliance very seriously. Customer data is only shared if the request is legally valid. Our legal department
evaluates every inquiry in detail. In addition, we will question a request if there are grounds for assuming that it is not in
conformity with the law.
Page 27
CLOUD SECURITY GOVERNANCE / BUILD ONE DELIVERY – INTERNAL CONTROLS
Compliance & Processes
Page 28
• Integrated Information Security Management System (acc. ISO27001)
• Controls embedded into operational processes and procedures
• Process Managers located within the delivery unit
• Training is provided on a regular basis to ensure proper implementation
• Control effectiveness is regularly tested
• Compliance audits performed twice per year
• ISO audits performed on an annual basis
Certification Overview & Roadmap
Certifications / Attestations and Roadmap
SAP Cloud Offering                                        SOC1/ISAE3402 (Type I, Type II)   SOC 2 (Type I, Type II)   ISO27001   Others
SAP Business by Design
SAP Cloud for Customer
SAP Cloud for Financials
SAP Cloud for Sales
SAP Cloud for Service
SAP Cloud for Social Engagement
SAP Cloud for Travel & Expense
Page 29
HANA Enterprise Cloud                                     Others: ISO9001; planned for Q4/2014: ISO22301
Ariba cloud solutions from SAP                            Others: PCI-DSS, WebTrust, SafeHarbor
Ariba - Quadrem cloud solutions from SAP                  Others: WebTrust
SuccessFactors cloud solutions from SAP                   Others: SafeHarbor
SAP People Cloud Solutions - Employee Central             Others: SafeHarbor
SAP People Cloud Solutions - Employee Central Payroll     Others: SafeHarbor
SAP HANA Cloud Platform & Portal
SAP HANA Cloud Portal
Legend (the SOC1, SOC 2 and ISO27001 status of each offering is shown by cell colour on the original slide): Certification available; Certification planned for 2014; Certification planned for 2016; Certification not applicable; May be added in future.
Page 30
Certifications / Attestations and their purpose
SOC1 / ISAE 3402 / SSAE16: Report on a service organization's internal controls that are likely to be relevant to an audit of a customer's financial statements (formerly SAS 70).
SOC 2: Report on controls at a service organization relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. Can be handed out to customers and prospects; use/distribution may be restricted.
SOC 3: Trust Services Report for Service Organizations. Used for marketing purposes; unrestricted use/distribution.
ISO 27001: Certification of an Information Security Management System. Used for marketing purposes; the certification can be officially published.
ISO 9001: Certification of a Quality Management System. Used for marketing purposes; the certification can be officially published.
PCI-DSS: Required for customers who handle cardholder information for debit, credit, prepaid, e-purse, ATM, and POS cards.

Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
Cloud Computing: Its Applications and Security Issues (A Major Challenge in C...
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & Compliance
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaS
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
 
I017225966
I017225966I017225966
I017225966
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPT
 
Security in a Virtualised Computing
Security in a Virtualised ComputingSecurity in a Virtualised Computing
Security in a Virtualised Computing
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers! Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers!
 
Webinar hiware
Webinar hiwareWebinar hiware
Webinar hiware
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
Blbs prod-bloombase-store safe-product-brochure-uslet-en-r3
 
Tools of noc
Tools of nocTools of noc
Tools of noc
 

More from Gaurav Ahluwalia

Agile Methodologies in SAP
Agile Methodologies in SAPAgile Methodologies in SAP
Agile Methodologies in SAPGaurav Ahluwalia
 
259881368-Gartner-Research-ERP
259881368-Gartner-Research-ERP259881368-Gartner-Research-ERP
259881368-Gartner-Research-ERPGaurav Ahluwalia
 
2015-cloud-security-report-q2
2015-cloud-security-report-q22015-cloud-security-report-q2
2015-cloud-security-report-q2Gaurav Ahluwalia
 
Event Stream Processing SAP
Event Stream Processing SAPEvent Stream Processing SAP
Event Stream Processing SAPGaurav Ahluwalia
 
SAP Self Services Technologies Going Forward
SAP Self Services Technologies Going ForwardSAP Self Services Technologies Going Forward
SAP Self Services Technologies Going ForwardGaurav Ahluwalia
 

More from Gaurav Ahluwalia (6)

Agile Methodologies in SAP
Agile Methodologies in SAPAgile Methodologies in SAP
Agile Methodologies in SAP
 
259881368-Gartner-Research-ERP
259881368-Gartner-Research-ERP259881368-Gartner-Research-ERP
259881368-Gartner-Research-ERP
 
2015-cloud-security-report-q2
2015-cloud-security-report-q22015-cloud-security-report-q2
2015-cloud-security-report-q2
 
Event Stream Processing SAP
Event Stream Processing SAPEvent Stream Processing SAP
Event Stream Processing SAP
 
Git Hub Platform
Git Hub PlatformGit Hub Platform
Git Hub Platform
 
SAP Self Services Technologies Going Forward
SAP Self Services Technologies Going ForwardSAP Self Services Technologies Going Forward
SAP Self Services Technologies Going Forward
 

SAP HANA Cloud Security

Page 3
Figure: Information Security Attributes, or qualities: Confidentiality, Integrity and Availability (CIA).

Page 4
HANA ENTERPRISE CLOUD (HEC) - HIGH LEVEL OVERVIEW
Legend: # refers to one customer; MPLS: Multiprotocol Label Switching; VPN: Virtual Private Network.
The fundamental security architecture of the HEC infrastructure is the principle of a private cloud. This means each customer receives an isolated, logical grouping of several virtual machines and physical systems. All customer networks are completely isolated from each other. HEC administrative tasks are carried out over management networks.
Page 5
The clouds #1, #2 and #3 are the customer clouds. Alongside them a shared administrative infrastructure is available, for example the tape drives or hardware modules used to take backups and the networking resources, and an admin firewall bridges to the SAP corporate network, from which SAP staff ("the real SAP guys") log on to the HEC and check its health state. Customer-specific clouds are alien to each other: they do not interact unless a specific interface exists for a business need. In short, every instance is virtualized and downtime on the virtual clouds is minimal. The whole architecture is very robust, corresponding to the Tier quality of the data center, which in turn hits the costs and pockets of the customer.

Cloud hosting of business systems is not new. As a pricing reference, a sample pricing sheet for the Google App Engine:

Resource                                        Unit                    Unit cost (in US $)
Standard Runtime Instances*                     Instance hours          $0.05
Outgoing Network Traffic                        Gigabytes               $0.12
Incoming Network Traffic                        Gigabytes               Free
Datastore Storage                               Gigabytes per month     $0.18
Blobstore, Logs, and Task Queue Stored Data     Gigabytes per month     $0.03
Dedicated Memcache                              Gigabytes per hour      $0.06
Logs API                                        Gigabytes               $0.12
SSL Virtual IPs** (VIPs)                        Virtual IP per month    $39.00
Sending Email, Shared Memcache, Cron, APIs (URLFetch, Task Queues, Image, Sockets, Files, Users, and Channel)    No Additional Charge

A keen look at the sheet shows low costs for running an IT solution at high availability, which can further bring down the total cost of ownership (TCO) of the IT solution. Cloud computing for SAP would bring down the big maintenance costs paid to different outsourcing partners for hardware, software AMC and other consulting charges, which a client bears for running healthy SAP systems.
Page 6
A client might pay the HEC service provider (PaaS) a lump sum to run the SAP system as a whole. HEC might bring into action an app-based approach for SAP.
Figure: Your deployed application in the HANA Cloud Platform.
So if you want to do a small rollout, you can precisely give out AMCs on the number of HTML5 apps you would be developing on HCP as an SAP partner, and package your code in a BSP application. This code might talk to your native SAP, SuccessFactors or Hybris system, whatever the underlying mother system for HANA is. Security concerns around these small extension apps would be an issue to research. Right now SAP is supporting

Page 7
all the new authentication technologies like OAuth, SAML 2.0 single sign-on, Kerberos tokens and X.509 client certificates. Following is an overview of the SAP HANA Cloud Platform.
Figure: Features of the HANA Cloud Platform. We can create extension apps on every engine in the platform.
Page 8
HANA ENTERPRISE CLOUD (HEC) - HIGH LEVEL OVERVIEW CONTD.
The following figure shows the HANA cloud in much more detail, with descriptions.

Page 9
HANA ENTERPRISE CLOUD (HEC) - DETAILS
Details for Customer Landscapes
Page 10
HANA VIRTUALIZATION TECHNOLOGY AND SECURITY
Virtualization technologies like VMware vSphere provide:
• High Availability. Reduces unplanned downtime and provides higher service levels for applications. In the event of an unplanned hardware failure, affected virtual machines automatically restart on another host in the vSphere cluster.
• Automation. VMware's automated load balancing takes advantage of vMotion and Storage vMotion to migrate virtual machines among a set of VMware ESXi hosts. VMware vSphere Storage DRS and DRS allow automatic resource relocation and optimization for virtual machines and related storage.
• Provisioning. VMware virtualization encapsulates an application into an image that can be duplicated or moved, which greatly reduces the cost of application provisioning and deployment.
Figure: VMware vSphere virtual infrastructure

Page 11
INSTRUCTION ISOLATION
Figure: Instruction Isolation

Page 12
MEMORY ISOLATION
Figure: Memory Isolation
Figure: Transparent Page Sharing - Page-Content Hashing

Page 13
I/O REMAPPING
Figure: I/O Remapping - Data Paths via the Hypervisor and DirectPath I/O

Page 14
Resource Provisioning, Shares, and Limits. In a virtualized environment, resources are shared among all virtual machines, but because system resources can be managed, usage limits can be set on individual virtual machines.
NETWORK ISOLATION
Figure: Increasing Sensitivity of Networks in Virtual Infrastructures
Figure: Network Isolation
Through the use of a virtual network interface controller (vNIC)-level firewall, a virtual machine can be isolated from other virtual machines, even on the same switch (layer 2 isolation).
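The vNIC-level isolation described here and the private-cloud principle of Page 4 (customer networks isolated from each other, administration only from management networks), modelled as an added example. This is illustrative code written for this page, not SAP's or VMware's; the customer names, VM names, MAC/IP addresses and the admin port list are constructed.

```python
"""Per-vNIC firewall model: customer isolation on a shared layer-2 virtual switch.
Added illustration, not SAP's or VMware's code; all names, MAC/IP addresses and the
admin port list are constructed sample values."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed: ports admin hosts may reach on customer VMs; anything else is refused.
ADMIN_PORTS = frozenset({22, 443})

@dataclass(frozen=True)
class VNic:
    vm: str
    customer: str        # owning customer cloud, or the management network
    mac: str
    ip: str
    mgmt: bool = False   # True only for HEC admin hosts

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int

class VNicFirewall:
    """Filters each frame at the sending vNIC, before the virtual switch sees it.
    All vNICs share one switch, so without the filter customer #1 could address
    customer #2 directly at layer 2. Rules, in order: anti-spoofing (a vNIC only
    emits its own MAC/IP pair); destination MAC and IP must belong to one known
    vNIC; admin hosts reach customer VMs only on ADMIN_PORTS; customer VMs never
    initiate towards the management network; different customers never talk."""
    def __init__(self, inventory: list[VNic]):
        self.by_mac = {n.mac: n for n in inventory}

    def decide(self, frame: Frame) -> tuple[bool, str]:
        src = self.by_mac.get(frame.src_mac)
        if src is None or src.ip != frame.src_ip:
            return False, "spoofed or unknown source"
        dst = self.by_mac.get(frame.dst_mac)
        if dst is None or dst.ip != frame.dst_ip:
            return False, "unknown destination or MAC/IP mismatch"
        if src.mgmt:
            if dst.mgmt or frame.dst_port in ADMIN_PORTS:
                return True, "management access"
            return False, "port not open to management"
        if dst.mgmt:
            return False, "customer VM may not reach management network"
        if src.customer != dst.customer:
            return False, "cross-customer traffic on shared switch"
        return True, "same customer"

# Constructed sample inventory: two customer clouds and one HEC admin host.
INVENTORY = [
    VNic("cust1-hana", "customer#1", "02:00:00:00:01:01", "10.1.0.11"),
    VNic("cust1-app", "customer#1", "02:00:00:00:01:02", "10.1.0.12"),
    VNic("cust2-hana", "customer#2", "02:00:00:00:02:01", "10.2.0.11"),
    VNic("hec-admin", "hec-mgmt", "02:00:00:00:ff:01", "10.255.0.5", mgmt=True),
]
BY_VM = {n.vm: n for n in INVENTORY}
FW = VNicFirewall(INVENTORY)

def frame_between(src_vm: str, dst_vm: str, port: int, spoof_mac: str | None = None) -> Frame:
    """Frame from one VM to another; spoof_mac replaces the genuine source MAC."""
    s, d = BY_VM[src_vm], BY_VM[dst_vm]
    return Frame(spoof_mac or s.mac, d.mac, s.ip, d.ip, port)

def isolation_violations(fw: VNicFirewall, inventory: list[VNic]) -> list[str]:
    """Audit: no frame between vNICs of different customers may pass on any of
    the sampled ports (constructed). Returns the offending flows, ideally none."""
    tenants = [n for n in inventory if not n.mgmt]
    bad = []
    for s in tenants:
        for d in tenants:
            if s.customer != d.customer:
                for port in (22, 443, 30015):
                    if fw.decide(Frame(s.mac, d.mac, s.ip, d.ip, port))[0]:
                        bad.append(f"{s.vm}->{d.vm}:{port}")
    return bad
```

The audit function is the check worth keeping: run it against the real vNIC inventory after every policy change, and any non-empty result is a customer-isolation breach.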
Page 15
STORAGE ISOLATION
Figure: Virtual Firewall at the vNIC Level
Figure: NFS and Block Storage I/O

Page 16
HANA ENTERPRISE CLOUD (HEC) - DETAILS CONTD.
Details for Network Integration

Page 17
HANA ENTERPRISE CLOUD (HEC) - DETAILS
Details for Public Internet Access

Page 18
BITS AND PIECES OF REVERSE PROXY FARMS
This diagram shows a piece of the network for the reverse proxy farms set up inside HEC for the different client clouds, given that every client's domain name is different.
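The routing decision such a reverse proxy farm makes, selecting a customer's isolated cloud purely from the request's Host header, as an added example; this is not HEC's or SAP's proxy configuration, and the customer hostnames, backend names and sample requests are constructed.

```python
"""Host-based tenant routing for a reverse proxy farm fronting several customer clouds.
Added illustration, not SAP's or HEC's proxy configuration; customer hostnames,
backend names and the sample requests are constructed values."""
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    customer: str
    backend: str  # constructed label for the customer's isolated landscape

# Constructed routing table: each customer cloud has its own public hostname, so
# the Host header alone decides which isolated cloud a request may enter.
ROUTES = {
    "erp.customer1.example": Route("customer#1", "cloud1-dispatcher"),
    "erp.customer2.example": Route("customer#2", "cloud2-dispatcher"),
}
# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def normalize_host(raw: str) -> str | None:
    """Canonicalize a Host value: lowercase, optional :port and trailing dot removed.
    Returns None for anything that is not a plain DNS name (userinfo, paths, IPv6
    literals, empty labels), so odd spellings never reach the table lookup."""
    host = raw.strip().lower()
    if host.count(":") == 1:
        host, port = host.split(":")
        if not port.isdigit():
            return None
    host = host.rstrip(".")
    if not host or any(_LABEL.match(label) is None for label in host.split(".")):
        return None
    return host

def parse_request(raw: str) -> dict[str, list[str]]:
    """Minimal header parser for the samples: names lowercased, repeated headers
    kept as a list so duplicates stay visible to the router."""
    headers: dict[str, list[str]] = {}
    for line in raw.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def route(raw_request: str) -> str:
    """Return the backend for a request, or 'reject: <reason>'. Exactly one Host
    header is required: with zero or several, the proxy and a backend could
    disagree about the tenant, so the farm refuses rather than guesses."""
    hosts = parse_request(raw_request).get("host", [])
    if len(hosts) != 1:
        return f"reject: {len(hosts)} Host headers"
    host = normalize_host(hosts[0])
    if host is None:
        return "reject: malformed Host"
    target = ROUTES.get(host)
    if target is None:
        return "reject: unknown customer hostname"
    return target.backend

def backends_are_exclusive(routes: dict[str, Route]) -> bool:
    """Audit the table: a backend may serve one customer only, otherwise two
    customers' hostnames would land in the same cloud."""
    owner: dict[str, str] = {}
    return all(owner.setdefault(r.backend, r.customer) == r.customer for r in routes.values())

# Constructed sample requests.
GOOD = "GET / HTTP/1.1\r\nHost: ERP.Customer1.Example:443\r\n\r\n"
TWO_HOSTS = "GET / HTTP/1.1\r\nHost: erp.customer1.example\r\nHost: erp.customer2.example\r\n\r\n"
UNKNOWN = "GET / HTTP/1.1\r\nHost: erp.customer3.example\r\n\r\n"
```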
Page 19
FEATURES OF HANA ENTERPRISE CLOUD SECURITY
• Advanced IT Security Architecture
  o Isolated, separated landscape per customer
  o Security hardened systems
• Secure Operations
  o Asset Management
  o Change Management
  o Incident Management
  o Anti-Virus & Malware Management
  o Backup / Restore Management
  o Identity & Access Management
  o Security Awareness Trainings
• Security measures are audited and confirmed through various Certifications & Attestations
  o ISO Certificates
    - ISO 9001 Quality Management System
    - ISO 27001 Information Security Management System
  o SOC1 (ISAE3402/SSAE16) Type I & Type II
  o SOC2 Type I & Type II
  o Industry specific Certificates (on demand, with business case foundation)
• Network Security
  o Network Filtering
  o Intrusion Prevention Systems

Page 20
  o Web Application Firewall
  o 2-factor Authentication
  o Network Admission Control - Proxies with Content Filtering
  o Advanced threat management
• Physical Security
  o Video and Sensor Surveillance
  o Access Logging
  o Security Guards
  o Fire Detection and Extinguishing System
  o Uninterruptible Power Supply
  o Biometric Access Control in certain Locations
• Threat & Vulnerability Management
  o Security Patch Management
  o Penetration Testing
  o Vulnerability Scanning
  o 24 x 7 Security Monitoring Center
• Customer data flow control
  o Regional Data Storage (e.g. EU-, US-Cloud)
  o European data protection and privacy policy
Page 21
DATA CENTER - SECURITY REQUIREMENTS
SAP Cloud Solutions and customer data need to be operated in an SAP Tier Level III, III+ or IV classified data center. SAP checks on site the compliance with the SAP Data Center minimum physical security standard, which covers topics like:
  o Perimeter & Location security
  o Building entry point security
  o Building Security
  o Access Controls & Monitoring
  o General access and access to dedicated SAP areas
  o Fire Protection
  o Electrical Power supply
  o Certifications of the DC Provider

Page 22
Minimum availability requirements                   Tier I   Tier II   Tier III   Tier III+   Tier IV
Stand-alone Data Center building necessary          no       no        no         yes         yes
Amount of external electrical power suppliers       1        1         1          1           2
Amount of transformers to power the Data Center     n        n         n + 1      n + 1       2n
UPS Battery System necessary                        no       yes       yes        yes         yes
Minutes UPS must provide power                      0        5         >10        >10         >10
Amount of UPS Systems necessary                     n        n         n + 1      n + 1       2n
(Diesel-) Generators needed                         no       no        yes        yes         yes
Amount of cooling systems needed                    n        n         n + 1      n + 1       2n
Server cooling is independent from an office AC     no       no        yes        yes         yes
Fire detection system needs to be installed         yes      yes       yes        yes         yes
Fire extinguishing system must be installed         no       yes       yes        yes         yes
On-site response time of Data Center personnel      <48h     <8h       <1h        <1h         <1h
Available WAN network connection lines              1        n + 1     n + 1      n + 1       2n
Available LAN network connection lines              n        n + 1     n + 1      2n          2n
Data center security requirements for SAP.
Page 23
HEC DATACENTERS
Current Status: Tier Level & Certifications

Page 24
WHY HANA ENTERPRISE CLOUD (HEC) IS BETTER
SAP has a long-standing tradition in the security of its solutions and takes customer demands on cloud security very seriously.
a) Strong collaboration between the Security, Operations and Product Development teams.
  o Strong collaboration of the Product Security team and the Operations Security team ensures that proper security and compliance are implemented in HEC products.
  o Identified issues are communicated directly to the Product Development team to ensure immediate fixes.
  o Strong collaboration of the Security team and the Operations team ensures proper definition of security requirements individually per cloud product within HEC.
  o The Security team consults the Operations team in defining and implementing the security measures per asset individually.
  o Regular monitoring ensures timely identification of issues.
b) Multiple layers of defense to protect our customers' data.
Page 25
c) Holistic Security & Compliance approach: integrated, monitored and validated by external audits.
  o HEC leverages a multi-dimensional security and compliance approach to establish and maintain state-of-the-art Security & Compliance.
  o The following two slides describe the key aspects of the holistic Security & Compliance approach.
  o Protection Goal
    i. Security (CIA): HEC focuses on confidentiality and integrity of data as well as availability of customer systems and central infrastructure.
    ii. Data Protection: HEC is fully committed to data protection and privacy. SAP is a global company with its headquarters in Germany, which is a member of the European Union (EU). Therefore our policy is based on the definitions of European data protection legislation and defines the basic principles applicable to every SAP entity *). HEC respects data protection and privacy rights and safeguards any personal data of our customers.
  o IP Protection: HEC additionally focuses on the protection of your intellectual property. Access to data is strictly limited according to the need-to-know principle. Strict separation of customer systems is understood!

Page 26
  o Demands & Enforcement
    i. Requirements / Measures: SAP has a strict policy framework which is broken down into detailed technical procedures for operations.
    ii. Monitoring: Regular monitoring ensures timely identification of deviations and initiates fixes quickly.
    iii. Audits
      - During the Compliance & Certification audits we ask external experts to verify our security effectiveness.
      - Through regular supplier audits, we ensure the security effectiveness of suppliers and sub-contractors.
  o Scoping
    i. Technology
      a. Secure operability of HEC products is monitored. Issues are addressed directly to the Product Development team.
      b. Our security scope covers all infrastructure components and tools required to operate and manage HEC.
    ii. Processes: All relevant processes for cloud product development and cloud operations are within the security scope.
    iii. People: Regular training and evaluation is key to ensure proper operations of HEC.
d) Customers can select the region of data storage.
  a. The physical storage location of customer data is crucial to numerous enterprises. Therefore, our HEC customers can choose whether their data is stored in cloud data centers located in the USA or in Europe.
  b. The general rule is: we have clear, company-wide guidelines in place that define how we respond to requests for customer data coming from law enforcement authorities and regarding national security concerns. We take our commitment to our

Page 27
customers and legal compliance very seriously. Customer data is only shared if the request is legally valid. Our legal department evaluates every inquiry in detail. In addition, we will question a request if there are grounds for assuming that it is not in conformity with the law.

CLOUD SECURITY GOVERNANCE / BUILD ONE DELIVERY - INTERNAL CONTROLS
Compliance & Processes
Page 28
• Integrated Information Security Management System (acc. ISO27001)
• Controls embedded into operational processes and procedures
• Process Managers located within the delivery unit
• Training is provided on a regular basis to ensure proper implementation
• Control effectiveness is regularly tested
• Compliance audits performed twice per year
• ISO audits performed on an annual basis

Certification Overview & Roadmap
Certifications / Attestations Roadmap. Table columns: SAP Cloud Offering; SOC1/ISAE3402 (Type I, Type II); SOC 2 (Type I, Type II); ISO27001; Others. The SOC1, SOC 2 and ISO27001 status per offering is colour-coded in the original slide (see legend); the Others column is given below.

SAP Cloud Offering                                        Others
SAP Business ByDesign
SAP Cloud for Customer
SAP Cloud for Financials
SAP Cloud for Sales
SAP Cloud for Service
SAP Cloud for Social Engagement
SAP Cloud for Travel & Expense

Page 29
HANA Enterprise Cloud                                     ISO9001; planned for Q4/2014: ISO22301
Ariba cloud solutions from SAP                            PCI-DSS, WebTrust, Safe Harbor
Ariba - Quadrem cloud solutions from SAP                  WebTrust
SuccessFactors cloud solutions from SAP                   Safe Harbor
SAP People Cloud Solutions - Employee Central             Safe Harbor
SAP People Cloud Solutions - Employee Central Payroll     Safe Harbor
SAP HANA Cloud Platform & Portal
SAP HANA Cloud Portal

Legend (colours): Certification available; Certification planned for 2014; Certification planned for 2016; Certification not applicable; May be added in future.

Page 30
Certifications / Attestations and their purpose:
SOC1 / ISAE 3402 / SSAE16: Report on a service organization's internal controls that are likely to be relevant to an audit of a customer's financial statements (formerly SAS 70).
SOC 2: Report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. Can be handed out to customers and prospects; use/distribution may be restricted.
SOC 3: Trust Services Report for Service Organizations. Used for marketing purposes; unrestricted use/distribution.
ISO 27001: Certification of an Information Security Management System. Used for marketing purposes; the certification can be officially published.
ISO 9001: Certification of a Quality Management System. Used for marketing purposes; the certification can be officially published.
PCI-DSS: Required for customers who handle cardholder information for debit, credit, prepaid, e-purse, ATM and POS cards.