Security is the #1 concern for enterprise organizations when making a cloud choice. It is an important topic, but it needs a sense of proportion rather than an emotional discussion.
The forces along the security isobars of IT are high, but they must leave at least some space for a value- and business-oriented conversation about cloud: how to help the business become more agile and insightful.
The SAP Cloud Strategy and Customer Co-Innovation team regularly meets customers and discusses expectations, opportunities and concerns.
Let's look at the 3 most important aspects of security.
1) Location Matters
Cloud communications are dominated by one question: “How secure is the cloud?” This is a tip-of-the-iceberg question, which normally leads to questions around:
- Physical Security and Data Location
- Network Security
- Backup & Recovery
- Operational Compliance
- Confidentiality & Integrity
- Data Portability
However, according to the latest Data Breach Investigations Report, 86% of all security breaches were carried out using stolen login credentials, making secure enforcement of employee passwords and single sign-on policies “a must”.
The location of the datacenter where the cloud solution and its data are handled sparks further discussion, and IT departments definitely worry about where the data is physically stored. The strictness of European regulations, and especially of regulations in Germany (Germany’s Federal Data Protection Act, known as the Bundesdatenschutzgesetz or BDSG, which was reformed significantly in 2009 to cover a range of data protection-related issues), can help build trust when deciding on a geographical storage location for customers' data.
And let's not forget: all of the above applies to on-premise as well as cloud solutions.
2) It is all about trust
With cloud computing, the perception of security has changed deeply. It makes trust the #1 asset and brand value in cloud computing. And this drives us here at SAP.
SAP handles data with the utmost discretion and strives to deliver services and support that allow business-critical processes to run safely.
The primary aim is to secure customers against unauthorized data access and misuse, as well as confidential data disclosure, using various measures for employees, applications, organization, systems, and networks.
SAP is the leading provider of enterprise business software in the market and is transforming rapidly into a cloud company with a comprehensive cloud portfolio. SAP is used to working with very sensitive customer data. Data security and data privacy are part of its DNA, and earning customers' trust every day is the mission.
SAP runs cloud solutions and services at the same high level of security as its customers are used to for all other highly critical business processes.
SAP invests more in security, especially for the cloud, and in most cases more than an IT organization inside a large company is able or willing to do. All companies, not only smaller ones without access to such resources, definitely benefit.
Cloud computing, with its different layers, takes the burden of commodity tasks off in-house IT so that it can concentrate on value-adding tasks. At the same time, cloud vendors concentrate on specific tasks and professionalize them to the maximum. This constant repetition and automation help eliminate manual steps and sources of error.
Data encryption for user devices using SSL is another good example. You need to control every level of the cloud-computing stack, from datacenter to database to middleware and the applications layer.
In our Public Cloud model, every layer of the stack goes through rigorous security audits and adheres to the most stringent security standards. We follow transparent security and auditing standards and adhere to the most stringent data privacy standards.
3) Manage the Militarized and the De-Militarized Zone on the Web
EU 95/46 EC, PCI-DSS, ISO 27002, BS7799, ASIO-4, FIPS Moderate, BS10012, SSAE-16/SOC2… These are just the most important audit standards and certificates that apply to the datacenter and services and keep a customer's data secure.
SAP has achieved all of these certifications. In addition, our network architecture is multi-tiered. End-user traffic is limited to the front Demilitarized Zone (DMZ) tier of Web servers only. Every tier in the hosting environment is organized into a DMZ-like pattern, which allows firewall or Virtual Local Area Network (VLAN) separation between each tier. Each request is individually validated before an independent request to the next tier is created.
These are just a few examples from a long list. To answer all these challenges, SAP regularly undergoes SSAE16-SOC2 Type II auditing, twice a year.
SAP is the leading provider of enterprise business software and is investing more to stay on top in the future. SAP offers its customers and partners the opportunity to move to the cloud, and through co-innovation we learn new things every day about how to improve the solutions and services we offer to our prospective clients.
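The tier-by-tier separation described above can be checked mechanically against a firewall rule set. The following is an added example, not SAP's code: it audits a constructed rule list so that only inbound flows between adjacent tiers are permitted. The tier names behind the Web DMZ, the rule syntax and the ports are assumptions made for illustration.

```python
# Tier order from the outside in. Only the front DMZ tier of Web servers is
# named on the page; "app" and "db" are assumed tier names.
TIERS = ["internet", "web-dmz", "app", "db"]

# Constructed sample rule set: "<action> <src-tier> <dst-tier> <port>"
SAMPLE_RULES = """\
permit internet web-dmz 443
permit web-dmz app 8443
permit app db 5432
permit internet app 8443
permit db web-dmz 22
permit web-dmz qa 80
"""

def parse_rules(text):
    """Parse rule lines into (line_no, action, src, dst, port) tuples."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        action, src, dst, port = line.split()
        rules.append((lineno, action, src, dst, int(port)))
    return rules

def audit(rules):
    """Flag permit rules that are not a single inbound hop to the next tier."""
    findings = []
    for lineno, action, src, dst, _port in rules:
        if action != "permit":
            continue
        if src not in TIERS or dst not in TIERS:
            findings.append((lineno, "unknown tier"))
            continue
        hop = TIERS.index(dst) - TIERS.index(src)
        if hop > 1:
            # e.g. end-user traffic reaching past the front DMZ
            findings.append((lineno, "skips a tier"))
        elif hop <= 0:
            # same-tier or inner-to-outer flow
            findings.append((lineno, "not inbound to next tier"))
    return findings

if __name__ == "__main__":
    for lineno, reason in audit(parse_rules(SAMPLE_RULES)):
        print(f"rule {lineno}: {reason}")
```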
Security is a major concern for SAP and its customers and partners – making security as simple as 1-2-3 is the top priority.
Courtesy: SAP Community Network