Securing Your Digital Transformation: Cybersecurity and You

Lakshmi Hanspal, Chief Security Officer, SAP Ariba Trust Office (SAP)
Gonzalo Bas, Business Security Specialist, SAP Ariba Trust Office (SAP)
June 2017

PUBLIC © 2017 SAP SE or an SAP affiliate company. All rights reserved.

Smart. Secure. Simple.

Decision makers today have two fundamental choices to address their business need

Business need: source globally, digitalize collaboration, and execute business transactions efficiently.

Choice 1: Traditional application
• Deploy the application on-premise or in-house
• Use phone/e-mail/letters/meetings to collaborate
• Send and receive documents via e-mail/fax/paper/EDI
• Leverage out-of-band channels for invoicing and payments

Choice 2: Networked solution
• Deploy the application in the cloud
• Invite partners to collaborate throughout the process
• Exchange documents electronically through the business network
• Leverage integrated channels and achieve transparency in invoicing and payments

A network approach is attractive, but companies need to protect their data and their business relationships

Protect personal data
• Achieve legal compliance, such as fulfilling data protection requirements
• Ensure information relating to individuals is protected in storage and processing

Protect trade secrets
• Store business data safely
• Transmit transactional data securely
• Prohibit unauthorized access to data

Trust model for cloud providers

Cloud providers should leverage a holistic, multidimensional approach to establish and maintain state-of-the-art security and privacy. Security and privacy span four dimensions: technology, processes, people, and scoping.

• Securing the software development lifecycle
• Guarding your data against internal and external risks
• Access through least privilege / "need-to-know basis"
• Environment segmentation and demarcation
• Resiliency as a core competency
• High availability, monitoring, and business continuity

Protecting commerce in the cloud – build secure, run secure, be secure

Business enablement
• Customer collateral
• Contracts and RFPs
• Trend analysis

Privacy
• Data protection
• Regulations
• Incident response

Governance
• Policies and standards
• Compliance and audit
• Risk management
• Training and awareness

Ecosystem
• Application
• Data
• Secure development
• Pen testing
• Solution integration

Architecture and engineering
• Solution architecture
• Infrastructure and network
• Security engineering
• Tools engineering

Security operations
• Vulnerability management
• Incident management and response
• Event correlation
• Emerging threats

Build secure products – SAP Ariba secure development lifecycle

SAP Ariba's secure software development lifecycle integrates secure development principles holistically, in accordance with ISO 27034-1. Seven security phases run alongside the engineering stages (design, code, package, integrate, deploy):

1. Security training
2. Security planning
3. Risk assessment
4. Secure development
5. Security testing
6. Security validation
7. Security response

Build secure products – security training

• Information security fundamentals
• Payment Card Industry (PCI-DSS) basics
• Secure programming (OWASP Top 10)
• Data protection and privacy (coming in 2017)
• Security expert curriculum (coming in 2017)

Build secure products – Software Security Champion program

Requirements
• Minimum 3 to 5 years of software development experience
• Passion for security, "thinks like a hacker"
• Willingness to take additional security training

Role
• Rotation every 6 months between primary and backup
• Role activities should link to 10%–15% of the person's goals

Responsibilities
• Enforce the SAP Ariba secure development lifecycle
• Become the static and dynamic tools expert on your team
• Be the advocate for security within your core development team
• Conduct architecture security analysis and threat modeling sessions
• Attend monthly meetings with the larger Security Champion/Product Security team
• Share gained security knowledge with other developers
• Act as the eyes and ears of the Product Security team

Run secure – security risk assessment

Activities
• Third-party vendor review
• Data privacy impact assessment
• Product security early engagement questionnaire
• Privacy and legal review
• Threat modeling
• Product risk profile report

Deliverables
• Completed engagement questionnaire
• Completed privacy impact assessment
• Certification requirements
• List of third-party software
• List of applicable laws and regulations
• Business software requirements
• Data flow diagrams
• Threat modeling reports
• Risk matrix for threats
• Risk mitigation plan
• Threat profile report

Run secure – vendor/subprocessor oversight

Identify → Evaluate → Maintain

Identify: the SAP Ariba Cloud Unit identifies all vendors or subprocessors with access to sensitive personal, business, or confidential information via the production environment.

Maintain: update the list when new vendors or subprocessors are contracted, and re-evaluate vendors and subprocessors based upon their associated risk ratings or at the time of contract renewal.

Run secure – third-party risk assessments

Security assessments
SA01 Has your site been audited by an outside agency (SysTrust, WebTrust, PCI-DSS, SAS-70 Type II, BS7799, ISO or other)? If so, how often do you get audited? Provide audit report(s).
SA02 Do you perform internal audits? If so, who conducts them and how often? Provide audit report(s).

Policy and procedures
PP01 Does an information security policy/plan exist? If so, please provide a copy.
PP02 Who is responsible for maintaining and enforcing this policy/plan?
PP03 Does an information classification and protection policy exist?

Physical security controls
PS01 What is the location of the data center?
PS02 How is access to the building controlled?
PS03 Are any areas of the building open to the public?
PS04 Is there a 24x7 guard presence on site?
PS05 Do surveillance cameras monitor the building entrances and emergency exits?
PS06 Do surveillance cameras monitor other areas of the data center?
PS07 Describe the type of surveillance cameras used (CCTV, network cameras, etc.).
PS08 What type of authentication method is used for access to the building?
PS09 What type of authentication method is used for access to the data center?
PS10 Are staff required to wear photo identification badges at all times?
PS11 Are bags, boxes and other packages inspected prior to being permitted in the facility?
PS12 What work-around methods exist for access to the buildings in the event the above access methods fail?
PS13 Are guests/visitors permitted into the data center? If so, what is the procedure for identification and authorization?
PS14 Are guests/visitors allowed unescorted access to any portion of the building?
PS15 What other physical security controls are in place for entrance into the data center?
PS16 Are systems in the data center protected by a cage to prevent unauthorized tampering?
PS17 Is the building shared with other tenants?
PS18 What controls are in place for receiving deliveries destined for the data center?
PS19 What controls are in place for the removal of equipment from the data center?
PS20 How many personnel have physical access to the systems? Provide the role of these individuals.

Environmental controls
EC01 What type of fire suppression is used within the data center?
EC02 What type of fire detection is used within the data center?
EC03 How are temperature and humidity monitored and controlled in the data center?
EC04 Are there redundant power supplies?
EC05 Are backup generators present to protect against long-term power failure? If so, how long can operations be sustained on backup generators before refueling? Do you have contracts for fuel supply in the event of an emergency?
EC06 Can building environmental systems be managed remotely?

Incident response
IR01 Is there a Computer Security Incident Response Team (CSIRT) and plan in place?
IR02 Is the CSIRT plan tested on a regular basis? If so, give the last date the plan was tested.
IR03 Do you have a policy for customer notification of security incidents? If so, please provide a copy.
IR04 Describe the process for notifying customers in the event of a security incident.
IR05 What intrusion detection systems are currently in place?
IR06 How are alerts received and managed?
IR07 Have you had any successful attempts to compromise a system? Any failed attempts?
IR08 How do you currently protect against denial of service attacks?
IR09 Do you conduct penetration testing of your environment on a regular basis?
IR10 Are IDS and firewall logs monitored and reviewed? How often? How long are IDS and firewall logs maintained?

Run secure – third-party risk assessments (continued)

Disaster recovery controls
DR01 Is there a disaster recovery plan in place? If so, please provide a copy.
DR02 What are your procedures for updating the plan?
DR03 What is the schedule for testing and training on the plan?
DR04 When was the last drill performed?
DR05 What critical systems are covered by the plan?
DR06 What systems are not covered by the plan?
DR07 What are the procedures for activating the plan?
DR08 How are inventories of critical systems maintained?
DR09 Are there formal backup procedures documented?
DR10 Describe your backup policy.
DR11 Do you have an offsite storage agreement in place? If so, with whom?
DR12 Who has access to the backup tapes?
DR13 Is your site insured? If so, with whom, and describe the coverage.

Logical access controls
LA01 Please describe your administrative/super user login procedures.
LA02 How is password security managed?
LA03 Please describe your password policy. What is the minimum number of characters? What level of complexity is required (letters, numbers, symbols, etc.)? What is the password history? How often must passwords be changed?
LA04 How are passwords stored and transmitted?
LA05 How are passwords communicated to users?
LA06 Do your systems support a lockout mechanism for failed login attempts? If so, please describe.
LA07 Do you use a 2-factor authentication mechanism? If so, please describe.
LA08 Is user access controlled by groups or roles? If so, please describe.
LA09 Do procedures exist to disable access for terminated users?
LA10 Is there a procedure to periodically audit user accounts?
LA11 Are changes in user account privileges logged?
LA12 Do you have separation of duties when it comes to administrative access to your systems?

Risk management controls
RM01 Is there a documented risk management plan with written procedures?
RM02 How often are risk assessments performed?
RM03 Please describe your risk assessment process.

Operational support
OS01 Do you have 24x7 support? Please describe the escalation path. Is a live person available at all hours?
OS02 How do you monitor your environment?
OS03 Describe your policy for delivering post mortem details after an outage.
OS04 Do you have multiple internet providers?
OS05 What are the terms of your SLA? How do you measure your performance against it?
OS06 What are your maintenance windows?
OS07 Describe your procedures for notifying customers of downtime, both planned and unplanned.
OS08 Do you support an encrypted interface with your systems like SSL?
OS09 Do you provide an online management tool for our account?
OS10 Please describe the technical capabilities of the on-call staff.

Run secure – advanced secure protocol and ciphers

Client connections (from browsers and system interfaces; buyers, suppliers, and on-premise to Ariba) pass through a firewall into the DMZ network, which hosts two sets of front-door Web servers: one with the legacy security configuration and one with the advanced security configuration. A second firewall separates the DMZ from the private network that runs the SAP Ariba on-demand products and services (upstream, downstream, and Ariba Network).

Note: The front-door servers with the advanced configuration are accessed with different URLs than the Web servers with the legacy security configuration.
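The slide does not say what the advanced configuration contains. The following is an added example, not SAP Ariba code, that treats "advanced" as TLS 1.2 or newer with forward-secret AEAD cipher suites only (an assumption of this example, since the slide lists no ciphers). It audits a local TLS configuration against that profile and can probe a front-door hostname to see what it negotiates; the WEAK_MARKERS and AEAD_MARKERS rules and the command-line hostname are this example's own.

```python
"""Audit a TLS client configuration against an 'advanced' profile and probe a
server to see what it negotiates.

Added example, not SAP Ariba code. The profile below (TLS 1.2 or newer,
forward-secret AEAD suites only) is an assumption; the slide lists no ciphers.
"""
import socket
import ssl
import sys

# Assumed profile: substrings that disqualify a cipher suite outright ...
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "PSK", "ADH", "AECDH")
# ... and the AEAD bulk ciphers we accept; anything else (CBC modes) is flagged.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def is_weak_cipher(name: str) -> bool:
    """True if an OpenSSL cipher-suite name fails the assumed profile."""
    if any(marker in name for marker in WEAK_MARKERS):
        return True
    return not any(marker in name for marker in AEAD_MARKERS)


def audit_context(ctx: ssl.SSLContext) -> list:
    """List the findings for a context: protocol floor too low, weak suites enabled."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2")
    for suite in ctx.get_ciphers():
        if is_weak_cipher(suite["name"]):
            findings.append("weak cipher enabled: " + suite["name"])
    return findings


def legacy_context() -> ssl.SSLContext:
    """Permissive context: every suite the local OpenSSL build offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ALL")
    return ctx


def advanced_context() -> ssl.SSLContext:
    """Context matching the assumed 'advanced' profile."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!PSK")
    return ctx


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with the advanced profile and report what the server negotiated.

    A front door still on the legacy profile cannot complete this handshake,
    which is a quick way to tell the two URL sets on the slide apart.
    """
    ctx = advanced_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            return {"host": host, "protocol": protocol, "cipher": name,
                    "weak": is_weak_cipher(name)}


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()), ("advanced", advanced_context())):
        findings = audit_context(ctx)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings[:5]:
            print("  " + finding)
    if len(sys.argv) > 1:  # hypothetical front-door hostname given on the command line
        print(probe(sys.argv[1]))
```

The same audit applies unchanged to a server-side SSLContext, and running probe against both URL sets shows the handshake succeed only against the advanced front door, which is the practical test of the split the slide describes.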

Run secure – EU General Data Protection Regulation (GDPR)

Replaces the EU Data Protection Directive (1995) and harmonizes data privacy laws across Europe.

Requirements
• Transparency and accountability (Articles 5, 24, 30)
• Privacy impact assessment (Article 35)
• Record of processing activities (Article 30)
• Data protection by design and default (Article 25)
• Special categories – enhancement (Article 9)
• Automated decision-making and profiling (Article 22)
• Data subject rights (Articles 15, 17, 20)
• Data breaches and notification (Articles 33, 34)
• Using service providers (Article 28)
• Information notices (Articles 12, 13, 14)
• Consent (Articles 4, 6, 7, 8, 9)

Implementation
• Data inventory (classification) and documentation (data flow; encryption, anonymization, access control, edit/read log, etc.) for products and services processing customer data
• Gap analysis, mitigation, and noncompliance risk
• Privacy by design / impact assessment
• Data portability (30 days) / deletion / retention
• Data breach notification (72 hours), involving the DPA / EDPB / individuals
• Subprocessor process and inventory (classification)
• Privacy statement and Web site (consent for collecting PII, for example geo/IP address collected non-interactively; cookie inventory; method of tracking and messaging)
• Training and communications
• Certification – SSAE 16 SOC 2 Privacy, ISO 27018 (requires ISO 27001)

Timeline: preparation and analysis/design during Jul–Dec 2016, implementation of the legal requirements through 2017, GDPR compliance checks in Q1/Q2 2018; GDPR effective May 25, 2018.

Be secure – protecting commerce in the cloud

Security roadmap, 2016–2018:
• Upstream data encryption (Q2 2016), followed by customer adoption
• Downstream data encryption (Q4 2016), followed by customer adoption
• Advanced front door (Q4 2016), followed by customer adoption
• Upgrade legacy to SHA-2 compliance (Q1 2017)
• Ariba Network encryption (Q2 2017)
• Key management, software vault (Q3 2017)
• Key management, hardware vault (HSM) (Q4 2017)

Be secure – effective risk management

Information security needs to be a continuously operating management system:
• Corporate decisions on how risk must be managed (strategy, principles, policies, standards, ...)
• Knowing how much risk the organization is willing to accept (risk tolerance/appetite)
• An understanding of who accepts risk on behalf of the organization (understanding and adherence)
• A method or process to understand the risk and how to deal with it (risk assessments, risk treatment)
• Knowing what needs to be protected (inventory, information classification)
• A method to effectively communicate responsibilities and obligations (escalate risks and decisions)
• A comprehensive and balanced set of requirements
• A method and process for managing everyone's expectations (sign-off)
• A common framework to put it all together

Be secure – risk categories and controls

Data breach
• Encryption (disk, application)
• Access control
• Data leakage protection (DLP)
• Deletion

Cyber attacks
• SIEM/event detection
• Vulnerability assessment/scans
• Threat intel
• Containment capability
• Event response

Third party
• Subprocessor data center audit findings
• Third-party MDPA/DPQ outliers
• Third-party information system security review outliers

Policy and compliance
• Audit findings
• Policy/procedure adherence/gaps
• Policy exceptions
• Training and awareness

App compromise
• SDLC
• Penetration testing
• Encryption between tiers

Infrastructure breach
• Physical security
• Access management
• Configuration management
• Patching
• Asset management

Be secure – building assurance via attestation

Transparency is built up in four layers, from foundation standards to certifications:

Foundation
• Code of practice: ISO 27002
• Service delivery: ISO 20000
• Business continuity: ISO 22300
• Quality management: ISO 9000, ISO 25010

Security best practice
• Application security: ISO 27034, OWASP
• Hardening guidelines: CIS, Rapid7, SANS, ISO, CERT, NIST
• Destruction of media: ISO 27040
• Incident management: ISO 27035

Privacy
• Data protection: Safe Harbor, BS 10012
• Data privacy: BDSG, EU Directive 95/46/EC, GDPR

Certification
• ISO 22301, ISO 9001, ISO 27001, ISO 27018
• Operations and compliance (including IP): SOC 2, SOC 3 (AT 101 / ISAE 3000), IRAP
• Financial controls: SOX, SOC 1 (SSAE 16 / ISAE 3402), PCI

Be secure – protecting customer personal and business data

Building and maintaining trust
• Validating security and privacy practices and providing confidence in the use of third parties
• Approach consistent with other cloud companies

Compliance and legal requirements
• Demonstration of proactive compliance with regulators
• Common framework for other standards and regulatory requirements
• Reduced liability risk

Management commitment
• Management accountable for committing (time, effort, funding, resources, and more) to data protection
• Management accountable to select controls based on risk acceptance and enforce those controls within the organization

Continual improvement
• Increased awareness of data protection within the organization
• Appropriate protection of cloud assets
• Efficiencies gained through repeatable processes for compliance monitoring; effectiveness of controls measured and reported

Protecting customer data – how can you help?

In case:
• You accidentally send your data to the wrong recipient
• Your coworker notifies you of e-mailing sensitive data to the wrong recipient
• You notice a security issue in an application that may expose your data to others
• You are not sure whether there is a security issue, but believe there could be one

Contact ariba.secops@sap.com with the relevant information immediately. We may be contractually bound to report incidents to appropriate parties, and timing is critical.

Securing your digital transformation

• Cyberdefense: multiple layers of defense; holistic: prevent, detect, remediate
• Comprehensive contracts: privacy and security framework; applicable local regulations
• Independent audits: service organization reports; certifications
• Secure cloud model: holistic approach; secure architecture; build secure, run secure, be secure

Thank you.

Contact information:
Lakshmi Hanspal, Chief Security Officer, SAP Ariba Trust Office (SAP): lakshmi.hanspal@sap.com, @lakshmihanspal
Gonzalo Bas, Business Security Specialist, SAP Ariba Trust Office (SAP): gonzalo.bas@sap.com

More Ways to Buy Means More Savings: Maximizing the Value of SAP Ariba Soluti...
 
How to Get Mass Supplier Enablement: Transform Your Supplier Enablement Progr...
How to Get Mass Supplier Enablement: Transform Your Supplier Enablement Progr...How to Get Mass Supplier Enablement: Transform Your Supplier Enablement Progr...
How to Get Mass Supplier Enablement: Transform Your Supplier Enablement Progr...
 
How to Craft a World-Class Commerce Program with Your Suppliers - SID 51263
How to Craft a World-Class Commerce Program with Your Suppliers - SID 51263How to Craft a World-Class Commerce Program with Your Suppliers - SID 51263
How to Craft a World-Class Commerce Program with Your Suppliers - SID 51263
 
How Procurement Leaders Are Changing to Manage in the Digital Economy - SID 5...
How Procurement Leaders Are Changing to Manage in the Digital Economy - SID 5...How Procurement Leaders Are Changing to Manage in the Digital Economy - SID 5...
How Procurement Leaders Are Changing to Manage in the Digital Economy - SID 5...
 
How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...
How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...
How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...
 
How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...
How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...
How Do Our Most Successful Customers Do It? The Must-Have Ingredients for Val...
 
Five Secrets of Moving Procurement to the Awesomeness of the Cloud - SID 51421
Five Secrets of Moving Procurement to the Awesomeness of the Cloud - SID 51421Five Secrets of Moving Procurement to the Awesomeness of the Cloud - SID 51421
Five Secrets of Moving Procurement to the Awesomeness of the Cloud - SID 51421
 
Empowering Strategic Sourcing: Transforming Your Process - SID 51411
Empowering Strategic Sourcing: Transforming Your Process - SID 51411Empowering Strategic Sourcing: Transforming Your Process - SID 51411
Empowering Strategic Sourcing: Transforming Your Process - SID 51411
 
Driving Compliance, Value, and Transparency Within Public Sector Procurement ...
Driving Compliance, Value, and Transparency Within Public Sector Procurement ...Driving Compliance, Value, and Transparency Within Public Sector Procurement ...
Driving Compliance, Value, and Transparency Within Public Sector Procurement ...
 

Recently uploaded

FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
chapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxationchapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxation
AUDIJEAngelo
 

Recently uploaded (20)

FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Understanding UAE Labour Law: Key Points for Employers and Employees
Understanding UAE Labour Law: Key Points for Employers and EmployeesUnderstanding UAE Labour Law: Key Points for Employers and Employees
Understanding UAE Labour Law: Key Points for Employers and Employees
 
TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
Transforming Max Life Insurance with PMaps Job-Fit Assessments- Case Study
Transforming Max Life Insurance with PMaps Job-Fit Assessments- Case StudyTransforming Max Life Insurance with PMaps Job-Fit Assessments- Case Study
Transforming Max Life Insurance with PMaps Job-Fit Assessments- Case Study
 
LinkedIn Masterclass Techweek 2024 v4.1.pptx
LinkedIn Masterclass Techweek 2024 v4.1.pptxLinkedIn Masterclass Techweek 2024 v4.1.pptx
LinkedIn Masterclass Techweek 2024 v4.1.pptx
 
Matt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdf
Matt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdfMatt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdf
Matt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdf
 
India’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdfIndia’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdf
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
Taurus Zodiac Sign_ Personality Traits and Sign Dates.pptx
Taurus Zodiac Sign_ Personality Traits and Sign Dates.pptxTaurus Zodiac Sign_ Personality Traits and Sign Dates.pptx
Taurus Zodiac Sign_ Personality Traits and Sign Dates.pptx
 
Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024
 
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deckPitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
Falcon Invoice Discounting Setup for Small Businesses
Falcon Invoice Discounting Setup for Small BusinessesFalcon Invoice Discounting Setup for Small Businesses
Falcon Invoice Discounting Setup for Small Businesses
 
Did Paul Haggis Ever Win an Oscar for Best Filmmaker
Did Paul Haggis Ever Win an Oscar for Best FilmmakerDid Paul Haggis Ever Win an Oscar for Best Filmmaker
Did Paul Haggis Ever Win an Oscar for Best Filmmaker
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
chapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxationchapter 10 - excise tax of transfer and business taxation
chapter 10 - excise tax of transfer and business taxation
 
Using Generative AI for Content Marketing
Using Generative AI for Content MarketingUsing Generative AI for Content Marketing
Using Generative AI for Content Marketing
 
Cracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptxCracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptx
 
How to Maintain Healthy Life style.pptx
How to Maintain  Healthy Life style.pptxHow to Maintain  Healthy Life style.pptx
How to Maintain Healthy Life style.pptx
 

Securing Your Digital Transformation: Cybersecurity and You

Slide 1
PUBLIC
Lakshmi Hanspal, Chief Security Officer, SAP Ariba Trust Office (SAP)
Gonzalo Bas, Business Security Specialist, SAP Ariba Trust Office (SAP)
June 2017
Securing Your Digital Transformation: Cybersecurity and You

Slide 2
Smart. Secure. Simple.
PUBLIC. © 2017 SAP SE or an SAP affiliate company. All rights reserved.

Slide 3: Decision makers today have two fundamental choices to address their business need
Business need: source globally, digitalize collaboration, execute business transactions efficiently.
Choice 1, traditional application:
- Deploy application on-premise or in-house
- Use phone/e-mail/letters/meetings to collaborate
- Send and receive documents via e-mail/fax/paper/EDI
- Leverage out-of-band channels for invoicing and payments
Choice 2, networked solution:
- Deploy application in the cloud
- Invite partners to collaborate throughout the process
- Exchange documents electronically through the business network
- Leverage integrated channels and achieve transparency in invoicing and payments

Slide 4: A network approach is attractive, but companies need to protect their data and their business relationships
Protect personal data:
- Achieve legal compliance, such as fulfilling data protection requirements
- Ensure information relating to individuals is protected in storage and processing
Protect trade secrets:
- Store business data safely
- Transmit transactional data securely
- Prohibit unauthorized access to data

Slide 5: Trust model for cloud providers
Cloud providers should leverage a holistic, multidimensional approach to establish and maintain state-of-the-art security and privacy. Dimensions: security and privacy, technology, processes, people, scoping.
- Securing the software development lifecycle
- Guarding your data against internal and external risks
- Access through least privilege/"need-to-know basis"
- Environment segmentation and demarcation
- Resiliency as a core competency
- High availability, monitoring, and business continuity

Slide 6: Protecting commerce in the cloud – build secure, run secure, be secure
Business enablement: customer collaterals; contracts and RFPs; trend analysis.
Privacy: data protection; regulations; incident response.
Governance: policies and standards; compliance and audit; risk management; training and awareness.
Ecosystem: application; data; secure development; pen testing; solution integration.
Architecture and engineering: solution architecture; infrastructure and network; security engineering; tools engineering.
Security operations: vulnerability management; incident management and response; event correlation; emerging threats.

Slide 7: Build secure products – SAP Ariba secure development lifecycle
SAP Ariba secure software development holistically integrates secure development principles in accordance with ISO 27034-1. The lifecycle has seven phases:
1. Security training
2. Security planning
3. Risk assessment
4. Secure development
5. Security testing
6. Security validation
7. Security response
These phases span the delivery pipeline: design, code, package, integrate, deploy.

Slide 8: Build secure products – security training
- Information security fundamentals
- Payment Card Industry (PCI-DSS) basics
- Secure programming (OWASP Top 10)
- Data protection and privacy (coming in 2017)
- Security expert curriculum (coming in 2017)

Slide 9: Build secure products – Software Security Champion program
Role requirements:
- Minimum 3 to 5 years of software development experience
- Passion for security, "thinks like a hacker"
- Willingness to take additional security training
- Rotation every 6 months between primary and backup
- Role activities should link to 10%–15% of the person's goals
Responsibilities:
- Enforce the SAP Ariba secure development lifecycle
- Become the static and dynamic tools expert on your team
- Be the advocate for security within your core development team
- Conduct architecture security analysis and threat modeling sessions
- Attend monthly meetings with the larger Security Champion/Product Security team
- Share gained security knowledge with other developers
- Act as the eyes and ears of the Product Security team

Slide 10: Run secure – security risk assessment
Activities:
- Third-party vendor review
- Data privacy impact assessment
- Product security early engagement questionnaire
- Privacy and legal review
- Threat modeling
- Product risk profile report
Deliverables:
- Completed engagement questionnaire
- Completed privacy impact assessment
- Certification requirements
- List of third-party software
- List of applicable laws and regulations
- Business software requirements
- Data flow diagrams
- Threat modeling reports
- Risk matrix for threats
- Risk mitigation plan
- Threat profile report

Slide 11: Run secure – vendor/subprocessor oversight
Identify, evaluate, maintain:
- SAP Ariba Cloud Unit to identify all vendors or subprocessors with access to sensitive personal, business, or confidential information via the production environment.
- Update the list when new vendors or subprocessors are contracted.
- Reevaluate vendors and subprocessors based upon associated risk ratings or at the time of contract renewal.

Slide 12: Run secure – third-party risk assessments
Security assessments
SA01 Has your site been audited by an outside agency (SysTrust, WebTrust, PCI-DSS, SAS-70 Type II, BS7799, ISO or other)? If so, how often do you get audited? Provide audit report(s).
SA02 Do you perform internal audits? If so, who conducts them and how often? Provide audit report(s).
Policy and procedures
PP01 Does an Information Security Policy/Plan exist? If so, please provide a copy.
PP02 Who is responsible for maintaining and enforcing this policy/plan?
PP03 Does an information classification and protection policy exist?
Physical security controls
PS01 What is the location of the data center?
PS02 How is access to the building controlled?
PS03 Are any areas of the building open to the public?
PS04 Is there a 24x7 guard presence on site?
PS05 Do surveillance cameras monitor the building entrances and emergency exits?
PS06 Do surveillance cameras monitor other areas of the data center?
PS07 Describe the type of surveillance cameras used (CCTV, network cameras, etc.).
PS08 What type of authentication method is used for access to the building?
PS09 What type of authentication method is used for access to the data center?
PS10 Are staff required to wear photo identification badges at all times?
PS11 Are bags, boxes and other packages inspected prior to being permitted in the facility?
PS12 What work-around methods exist for access to the buildings in the event the above access methods fail?
PS13 Are guests/visitors permitted into the data center? If so, what is the procedure for identification and authorization?
PS14 Are guests/visitors allowed unescorted access to any portion of the building?
PS15 What other physical security controls are in place for entrance into the data center?
PS16 Are systems in the data center protected by a cage to prevent unauthorized tampering?
PS17 Is the building shared with other tenants?
PS18 What controls are in place for receiving deliveries destined for the data center?
PS19 What controls are in place for the removal of equipment from the data center?
PS20 How many personnel have physical access to the systems? Provide the role of these individuals.
Environmental controls
EC01 What type of fire suppression is used within the data center?
EC02 What type of fire detection is used within the data center?
EC03 How are temperature and humidity monitored and controlled in the data center?
EC04 Are there redundant power supplies?
EC05 Are backup generators present to protect against long-term power failure? If so, how long can operations be sustained on backup generators before refueling? Do you have contracts for fuel supply in the event of an emergency?
EC06 Can building environmental systems be managed remotely?
Incident response
IR01 Is there a Computer Security Incident Response Team (CSIRT) and plan in place?
IR02 Is the CSIRT plan tested on a regular basis? If so, give the last date the plan was tested.
IR03 Do you have a policy for customer notification of security incidents? If so, please provide a copy.
IR04 Describe the process for notifying customers in the event of a security incident.
IR05 What intrusion detection systems are currently in place?
IR06 How are alerts received and managed?
IR07 Have you had any successful attempts to compromise a system? Any failed attempts?
IR08 How do you currently protect against denial of service attacks?
IR09 Do you conduct penetration testing of your environment on a regular basis?
IR10 Are IDS and firewall logs monitored and reviewed? How often? How long are IDS and firewall logs maintained?

Slide 13: Run secure – third-party risk assessments (continued)
Disaster recovery controls
DR01 Is there a disaster recovery plan in place? If so, please provide a copy.
DR02 What are your procedures for updating the plan?
DR03 What is the schedule for testing and training on the plan?
DR04 When was the last drill performed?
DR05 What critical systems are covered by the plan?
DR06 What systems are not covered by the plan?
DR07 What are the procedures for activating the plan?
DR08 How are inventories of critical systems maintained?
DR09 Are there formal backup procedures documented?
DR10 Describe your backup policy.
DR11 Do you have an offsite storage agreement in place? If so, with whom?
DR12 Who has access to the backup tapes?
DR13 Is your site insured? If so, with whom, and describe the coverage.
Logical access controls
LA01 Please describe your administrative/super user login procedures.
LA02 How is password security managed?
LA03 Please describe your password policy. What is the minimum number of characters? What level of complexity is required (letters, numbers, symbols, etc.)? What is the password history? How often must passwords be changed?
LA04 How are passwords stored and transmitted?
LA05 How are passwords communicated to users?
LA06 Do your systems support a lockout mechanism for failed login attempts? If so, please describe.
LA07 Do you use a 2-factor authentication mechanism? If so, please describe.
LA08 Is user access controlled by groups or roles? If so, please describe.
LA09 Do procedures exist to disable access for terminated users?
LA10 Is there a procedure to periodically audit user accounts?
LA11 Are changes in user account privileges logged?
LA12 Do you have separation of duties when it comes to administrative access to your systems?
Risk management controls
RM01 Is there a documented risk management plan with written procedures?
RM02 How often are risk assessments performed?
RM03 Please describe your risk assessment process.
Operational support
OS01 Do you have 24x7 support? Please describe the escalation path. Is a live person available at all hours?
OS02 How do you monitor your environment?
OS03 Describe your policy for delivering post mortem details after an outage.
OS04 Do you have multiple internet providers?
OS05 What are the terms of your SLA? How do you measure your performance against it?
OS06 What are your maintenance windows?
OS07 Describe your procedures for notifying customers of downtime, both planned and unplanned.
OS08 Do you support an encrypted interface with your systems, like SSL?
OS09 Do you provide an online management tool for our account?
OS10 Please describe the technical capabilities of the on-call staff.

Slide 14: Run secure – advanced secure protocol and ciphers
Users: client connections from browsers and system interfaces; includes buyers, suppliers, and on-premise to Ariba Network.
Firewall
DMZ network: front-door Web servers with the legacy security configuration, and front-door Web servers with the advanced security configuration.
Firewall
Private network: SAP Ariba on-demand products and services; includes upstream, downstream, and Ariba Network.
Note: The front-door servers with the advanced configuration will be accessed with different URLs than the Web servers with the legacy security configuration.

Slide 15: Run secure – EU General Data Protection Regulation (GDPR)
Replaces the EU Data Protection Directive (1995) and harmonizes data privacy laws across Europe.
Requirements:
- Transparency and accountability (Articles 5, 24, 30)
- Privacy impact assessment (Article 35)
- Record of processing activities (Article 30)
- Data protection by design and default (Article 25)
- Special categories – enhancement (Article 9)
- Automated decision taking and profiling (Article 22)
- Data subject rights (Articles 15, 17, 20)
- Data breaches and notification (Articles 33, 34)
- Using service providers (Article 28)
- Information notices (Articles 12, 13, 14)
- Consent (Articles 4, 6, 7, 8, 9)
Implementation:
- Data inventory (classification) and documentation (data flow; encryption, anonymization, access control, edit/read log, etc.) for products and services processing customer data
- Gap analysis, mitigation and noncompliance risk
- Privacy by design/impact assessment
- Data portability (30 days)/deletion/retention
- Data breach (72 hr) involvement from DPA/EDPB/individual
- Subprocessor process and inventory (classification)
- Privacy statement and Web site (consent for collecting PII; for example, geo/IP address collected noninteractively, cookie inventory, method of tracking and messaging)
- Training and communications
- Certification – SSAE 16 SOC 2 Privacy, ISO 27018 (needs 27001)
Timeline across 2016, 2017 and 2018: prep; analysis and design; legal requirements and GDPR implementation (Jul through Dec and Q1/Q2); GDPR compliance checks; May 25, 2018: GDPR effective.

Slide 16: Be secure – protecting commerce in the cloud
Roadmap by quarter, 2016 to 2018:
- Q2 2016: Upstream data encryption (customer adoption)
- Q4 2016: Downstream data encryption (customer adoption)
- Q4 2016: Advanced front door (customer adoption)
- Q1 2017: Upgrade legacy to SHA-2 compliance
- Q2 2017: Ariba Network encryption
- Q3 2017: Key management – software vault
- Q4 2017: Key management – hardware vault (HSM)

Slide 17: Be secure – effective risk management
Information security needs to be a continuously operating management system:
- Corporate decisions on how risk must be managed (strategy, principles, policies, standards, ...)
- Knowing how much risk the organization is willing to accept (risk tolerance/appetite)
- An understanding of who accepts risk on behalf of the organization (understanding and adherence)
- A method or process to understand the risk and how to deal with it (risk assessments, risk treatment)
- Knowing what needs to be protected (inventory, information classification)
- A method to effectively communicate responsibilities and obligations (escalate risks and decisions)
- A comprehensive and balanced set of requirements
- A method and process for managing everyone's expectations (sign-off)
- A common framework to put it all together

Slide 18: Be secure – risk categories and controls
Data breach: encryption (disk, application); access control; data leakage protection (DLP); deletion.
Cyber attacks: SIEM/event detection; vulnerability assessment/scans; threat intel; containment capability; event response.
Third party: subprocessor data center audit findings; third-party MDPA/DPQ outliers; third-party information system security; review outliers.
Policy and compliance: audit findings; policy/procedure adherence/gaps; policy exceptions; training and awareness.
App compromise: SDLC; penetration testing; encryption between tiers.
Infrastructure breach: physical security; access management; configuration management; patching; asset management.

Slide 19: Be secure – building assurance via attestation
Foundation and security best practice:
- Code of practice: ISO 27002
- Transparency
- Service delivery: ISO 20000
- Business continuity: ISO 22300
- Application security: ISO 27034, OWASP
- Hardening guidelines: CIS, RAPID7, SANS, ISO, CERT, NIST
- Quality management: ISO 9000, ISO 25010
- Destruction of media: ISO 27040
- Incident management: ISO 27035
Privacy:
- Data protection: Safe Harbor, BS 10012
- Data privacy: BDSG, EU Directive 95/46/EC, GDPR
Attestation:
- Certification: ISO 22301, ISO 9001, ISO 27001, ISO 27018
- Operations and compliance (including IP): SOC 2, SOC 3 (AT 101 / ISAE 3000), IRAP
- Financial controls: SOX, SOC 1 (SSAE16 / ISAE 3402), PCI

Slide 20: Be secure – protecting customer personal and business data
Building and maintaining trust:
- Validating security and privacy practices and providing confidence in the use of third parties
- Approach consistent with other cloud companies
Compliance and legal requirements:
- Demonstration of proactive compliance with regulators
- Common framework for other standards and regulatory requirements
- Reduced liability risk
Management commitment:
- Management accountable for committing (time, effort, funding, resources, and more) to data protection
- Management accountable to select controls based on risk acceptance and enforce those controls within the organization
Continual improvement:
- Increased awareness of data protection within the organization
- Appropriate protection of cloud assets
- Efficiencies gained through repeatable processes for compliance monitoring; effectiveness of controls measured and reported

Slide 21: Protecting customer data – how can you help?
In case:
- You accidentally send your data to the wrong recipient
- Your coworker notifies you of e-mailing sensitive data to the wrong recipient
- You notice a security issue in an application that may expose your data to others
- You are not sure if there is a security issue, but believe there could be one
Contact ariba.secops@sap.com with the relevant information immediately. We may be contractually bound to report incidents to appropriate parties, and timing is critical.

Slide 22: Securing your digital transformation
Cyberdefense: multilayers of defense; holistic: prevent, detect, remediate.
Comprehensive contracts: privacy, security framework, applicable local regulations.
Independent audits: service organization report; certifications.
Secure cloud model: holistic approach; secure architecture; build secure, run secure, be secure.

Slide 23: Please complete the session survey
Locate the session, click the Surveys button, select Breakout Survey, and rate the session.

Slide 24: Thank you.
Contact information:
Lakshmi Hanspal, Chief Security Officer, SAP Ariba Trust Office (SAP), lakshmi.hanspal@sap.com, @lakshmihanspal
Gonzalo Bas, Business Security Specialist, SAP Ariba Trust Office (SAP), gonzalo.bas@sap.com