Currently Being Moderated
Matthias Wild

Security matters … for all of us!

Posted by Matthias Wild in SAP Runs SAP on May 1, 2014 3:36:09 PM

I’ve seen this graphic recently and was really surprised. Ok, it is from 2012 and a lot of people may have changed their mind in the meantime. But 25% responded that Data Security is ‘somewhat important’? Come on!

 

how_important_is_data_security.jpg

 

SAP’s Head of IT Security is Ralph Salomon and he has a clear opinion about his latest accountability to design the security layers for HANA Enterprise Cloud:

 

Information Security is not just a buzzword for the SAP IT Security & Risk Office – it‘s our daily work, our passion, and the principle that drives us. We strive to provide the best data protection possible to SAP and our customers. Each customer is treated as if they were our only customer.

That‘s the kind of commitment and importance we work to achieve - every single day.

We have consistently certified to internationally recognized standards such as ISO 9001 for Quality Management or ISO 27001 for Information Security along with using industry accepted best practices such as COBIT or the ISF Standard of Good Practice for Information Security to assure the best possible security and risk management approach.”

 

I was at the SecureCloud 2014 conference in Amsterdam together with Ralph some weeks ago. This event provided an opportunity for government experts, industry experts and corporate decision makers to discuss and exchange ideas about how to shape the future of cloud computing security. It was also a place to learn from cloud computing experts about cloud computing security and privacy as well as to discuss about practical case studies from industry and government.

 

The conference was organized by the Cloud Security Alliance (CSA). Never heard about CSA before? The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information please visit https://cloudsecurityalliance.org and follow CSA on Twitter @cloudsa.

 

SAP‘s Maximilian Adrian and Björn Brencher had the chance to explain the security concepts and implementation for HANA Enterprise Cloud in an educational session. Ralph was on stage in a Cloud Vendor panel discussion.

 

Amsterdam.jpg

 

SAP has joined the Cloud Security Alliance as an executive corporate member.

 

“SAP is a world leader in enterprise applications,” said Daniele Catteddu, Managing Director, EMEA, for the CSA. “The insights that they bring, serving and innovating for their base of over 253,500 customers, will be critical in advancing our educational and thought leadership efforts throughout EMEA and globally. We look forward to our future collaborations on some of the most critical issues facing companies as they increase their efforts to consciously, securely move to the cloud.”

 

SAP IT’s multi layers of defense design for the HANA Enterprise Cloud:

 

Screen Shot 2014-05-01 at 15.08.09.png

 

More information about HANA Enterprise Cloud can be found at http://www.sap.com/HEC

 

But what is about Data Center Security? SAP builds up several new data centers and works with partners to provide data center capabilities for HANA Enterprise Cloud all over the world.

 

Screen Shot 2014-05-01 at 15.12.20.png

 

SAP’s Head of Infrastructure Services Martin Heisig teams-up with the security team to design, certify and run the SAP Data Centers with highest security level.

 

 

SAP takes security very seriously, leveraging standards and processes to build security into its software products and services from the very beginning.

 

Security is always a joint effort made by the company, its industry, standards organizations, governments, and IT vendors. However, businesses have to make trade-off decisions: functionality versus security, usability versus security, supportability versus security, and profitability versus security. In addition, security requirements depend on local regulations, company-specific IT infrastructure, and processes. That’s why a security concept always needs to be company specific, reflecting a company’s risk appetite and its protection goals.

 

Additional resources:

 

And now, last but not least: Don’t miss the updated HANA SPS 7 Security Overview! The purpose of this document is to give IT security experts a starting point and overview of what they need to understand about SAP HANA in order to comply with security-relevant regulations and policies and to protect their SAP HANA implementation and the data within from unauthorized access.

 

The document provides information on

  • The impact of the different SAP HANA scenarios on how security needs to be addressed
  • The framework and functions provided by SAP HANA that can be used to implement security and compliance requirements in line with the specific security, legal, and regulatory requirements
  • How SAP HANA can be integrated into existing security infrastructures and processes
  • Additional resources for more detailed information on SAP security topics

 

Best regards,

Matthias

Comments

Actions

Filter Blog

By author:
By date:
By tag: