{"id":326,"date":"2019-07-16T23:21:43","date_gmt":"2019-07-16T23:21:43","guid":{"rendered":"https:\/\/cybersecom.co\/?p=326"},"modified":"2024-02-09T23:49:19","modified_gmt":"2024-02-09T23:49:19","slug":"managing-security-in-the-sap-cloud-systems","status":"publish","type":"post","link":"https:\/\/cybersecom.co\/index.php\/2019\/07\/16\/managing-security-in-the-sap-cloud-systems\/","title":{"rendered":"Managing Security in the SAP Cloud Systems"},"content":{"rendered":"<div class=\"wp-block-post-date\"><time datetime=\"2019-07-16T23:21:43+00:00\">July 16, 2019<\/time><\/div>\n\n\n<h3 class=\"wp-block-heading\"><strong>Using the eBook to help manage SAP Cloud Systems:<\/strong><\/h3>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/www.sap-press.com\/security-for-sap-cloud-systems_4908\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security for SAP Cloud System eBook<\/a>&nbsp;will help you to learn about the Security in your SAP cloud system. You will understand where security responsibilities lie\u2014with SAP or with the customer\u2014 and then take a tour of the practices, services, and tools that ensure your cloud operations are secure. Including compliance guidelines and local regulations, such as&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/General_Data_Protection_Regulation\" target=\"_blank\" rel=\"noreferrer noopener\">GDPR<\/a>.&nbsp;You will also see how security regulations impact your cloud system.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Conclusion:<\/strong><\/h3>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"https:\/\/www.sap.com\/about\/trust-center\/security.html#intelligent-enterprise\" target=\"_blank\" rel=\"noreferrer noopener\">SAP\u2019s Intelligent Enterprise<\/a>&nbsp;is driving&nbsp;<strong>Security Strategy&nbsp;<\/strong>to provide a clear direction for both the customer and SAP<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The&nbsp;<a href=\"https:\/\/www.sap-press.com\/security-for-sap-cloud-systems_4908\/\" target=\"_blank\" rel=\"noreferrer noopener\">Security for SAP Cloud System eBook<\/a>&nbsp;can help readers understand and&nbsp;<strong>manage Security&nbsp;<\/strong>in SAP Cloud Systems<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SAP Cloud Secure and Layers of Assurance provides a&nbsp;<strong>transparent approach<\/strong>&nbsp;to Security<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"https:\/\/www.sap.com\/about\/trust-center\/agreements\/cloud\/cloud-services.html?search=Data%20Processing\" target=\"_blank\" rel=\"noreferrer noopener\">Data Privacy Controls<\/a>&nbsp;are the&nbsp;<strong>Core of how SAP handles customer\u2019s data<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Why I wrote the ebook, Security for Cloud Systems<\/h4>\n\n\n\n<p>After being at SAP for more than a decade, having helped hundreds of customers around the globe across all industry, I was honored when SAP Press invited me to write an ebook elaborating on my expertise on security in the cloud.&nbsp;A friend once told me a life is incomplete until one plants a tree, has a child, and writes a book.&nbsp;How right he was: writing a book has allowed me to bring together my years of experience and knowledge for easy dissemination and sharing.&nbsp;<\/p>\n\n\n\n<p>This book elaborates on a fairly simple approach for how to manage Security with SAP (On Premise and Cloud) solutions.<\/p>\n\n\n\n<p>Managing cyber-security is complicated, and it gets more complex when business-critical data is handled in a Cloud environment. The transparency over the role that products and services play in a software solution requires a detailed understanding of the technology platform, the legal agreement and the security policy before data is handed over.<\/p>\n\n\n\n<p>I have helped countless of SAP\u2019s premium customers (known as \u201c<a href=\"https:\/\/www.sap.com\/services\/premium-engagement\/maxattention.html\" target=\"_blank\" rel=\"noreferrer noopener\">MaxAttention<\/a>&nbsp;customers\u201d) on a variety of solutions including; Security Optimization Service, Security Workshop, and planning their Security Roadmap for SAP projects. In addition, I have had many discussions with customers on Cloud migration and addressed concerns over implementing multiple SAP security solutions, such as&nbsp;<a href=\"https:\/\/www.sap.com\/products\/technology-platforms\/grc.html\" target=\"_blank\" rel=\"noreferrer noopener\">GRC<\/a>,&nbsp;<a href=\"https:\/\/www.sap.com\/products\/solution-manager.html\" target=\"_blank\" rel=\"noreferrer noopener\">SolMan<\/a>, and&nbsp;<a href=\"https:\/\/www.sap.com\/products\/enterprise-threat-detection.html\" target=\"_blank\" rel=\"noreferrer noopener\">ETD<\/a>. This work motivated me to help customers understand how SAP drives Security into the Cloud solutions portfolio. From securely delivering the Intelligent Enterprise, the shift of responsibilities from on premise to SAP cloud, to SAP Cloud Secure and finally, the role of regulations such as GDPR, and others around the globe.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>A Quick Summary of Topics in the Book<\/strong><\/h3>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SAP\u2019s Intelligent Enterprise strategy drives security from services to products<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;There is a responsibility shift when going from an on premise environment to the SAP Cloud<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SAP Cloud Secure offers with multiple layers of assurance which provides transparency<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The role of the EU\u2019s GDPR in Data Privacy for SAP<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>SAP\u2019s Strategy Delivered with Security in Mind<\/strong><\/h3>\n\n\n\n<p>In 2019, SAP helps customers turn into intelligent enterprises by implementing&nbsp;<a href=\"https:\/\/www.sap.com\/products\/intelligent-enterprise.html\" target=\"_blank\" rel=\"noreferrer noopener\">SAP\u2019s Intelligent Enterprise<\/a>, a strategic initiative to help drive&nbsp;Visibility,&nbsp;Focus&nbsp;and&nbsp;Agility. How does security play a role?<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SAP provides visibility, from logs to process efficiency<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;There is a focus on critical security requirements, from technology to regulations<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;An ability to be agile and adapt and respond in real time<\/p>\n\n\n\n<p>This strategy is fundamentally changing how SAP applies its security from the Intelligent Suite to Digital Platform and finally improving the Intelligent Technologies. Customers can expect better integration and greater synergy within SAP systems. SAP delivers our products with three components in mind:<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Secure Products<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Secure Operations<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Secure Company<\/p>\n\n\n\n<p>More information can be found in the&nbsp;<a href=\"https:\/\/www.sap.com\/about\/trust-center\/security.html\" target=\"_blank\" rel=\"noreferrer noopener\">security tab<\/a>&nbsp;of The&nbsp;<a href=\"https:\/\/www.sap.com\/about\/trust-center.html\" target=\"_blank\" rel=\"noreferrer noopener\">SAP Trust Center<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Security Responsibility<\/strong><\/h3>\n\n\n\n<p>As described in Chapter One of my book, having a strategy focused on securing the Intelligent Enterprise as the foundation for delivering Secure Products and Secure Operations, the security responsibility remains shared between the customers and SAP. In general, there are 2 key points:<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The security of the Code that delivers the service is assumed by SAP<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The security of the use of the application is always shared between how the customer implement the solution and feature or platform delivered by SAP.<\/p>\n\n\n\n<p>More information can be found in the ASUG Webinar:&nbsp;<a href=\"https:\/\/event.on24.com\/wcc\/r\/1586072\/8920EF9FEE10E8DBD8671EA9F536D4E9\/246253\" target=\"_blank\" rel=\"noreferrer noopener\">Ten Best Practice to Mitigate Risk to your SAP System \u2013 What You Need to Know and Do Today!<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>SAP Cloud Secure and Layers of Assurance<\/strong><\/h3>\n\n\n\n<p>In order to provide transparency on how SAP manages security in the Cloud, SAP Cloud Secure, together with the Layers of Assurance have been put in place to do just that. I clarified them in detail in Chapter 3. Where I describe how SAP Cloud Secure includes different Layers of assurance, which are:<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Contractual Agreement (the legal agreement between customer and SAP)<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Independent Validation (the audit and certification)<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Security Standards Management (the best practices)<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Secure Architecture (the protection of the platform and application)<\/p>\n\n\n\n<p>The Layers of Assurance provides a&nbsp;<strong>transparent<\/strong>&nbsp;and easier approach to understanding SAP\u2019s commitment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The role of GDPR in SAP<\/strong><\/h3>\n\n\n\n<p>Finally, SAP\u2019s commitment to provide a peace of mind in security and comply with local regulations remains unchanged. The role of EU\u2019s GDPR and other local regulations that have fundamentally changed security as it relates to data privacy. The vow to comply with data privacy regulation is listed in&nbsp;<a href=\"https:\/\/www.sap.com\/about\/trust-center\/agreements\/cloud\/cloud-services.html?search=Data%20Processing\" target=\"_blank\" rel=\"noreferrer noopener\">DPA-Data Processing Agreement<\/a>&nbsp;(part of the Contractual Agreement), where SAP lists Technical Organizational Measures and in Appendix 3 of the DPA coupling with relevant Articles of GDPR.<\/p>\n\n\n\n<p>For those who are new to GDPR, I have written a blog on&nbsp;<a href=\"https:\/\/cybersecom.co\/index.php\/2018\/05\/25\/how-gdpr-is-disrupting-the-global-privacy-law-and-benefiting-us\/\" target=\"_blank\" rel=\"noreferrer noopener\">How GDPR is Disrupting the Global Privacy Law and Benefiting Us<\/a>, where I &nbsp;provided an overview of its importance across the globe. In Chapter 10 of the&nbsp;<a href=\"https:\/\/www.sap-press.com\/security-for-sap-cloud-systems_4908\/\" target=\"_blank\" rel=\"noreferrer noopener\">eBook<\/a>, I explain the important process of how local regulations, including GDPR, are affecting SAP\u2019s Data Privacy Controls.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">In summary:<\/h3>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;I shared my experience in Security for SAP systems in the eBook, including how SAP delivers security in SAP Cloud System<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SAP security strategy covers products, operations and company<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The responsibility over security is shared by both customer and SAP<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SAP ensure security in cloud through SAP Cloud Secure using layers of assurance<\/p>\n\n\n\n<p>&#8211;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;GDPR is the main driver of data privacy practice in SAP<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Using the eBook to help manage SAP Cloud Systems: The&nbsp;Security for SAP Cloud System eBook&nbsp;will help you to learn about the Security in your SAP cloud system. You will understand where security responsibilities lie\u2014with SAP or with the customer\u2014 and then take a tour of the practices, services, and tools that ensure your cloud operations [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":327,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[20,18,19],"class_list":["post-326","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-insight","tag-cloud","tag-sap","tag-security"],"_links":{"self":[{"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/posts\/326"}],"collection":[{"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/comments?post=326"}],"version-history":[{"count":3,"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/posts\/326\/revisions"}],"predecessor-version":[{"id":333,"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/posts\/326\/revisions\/333"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/media\/327"}],"wp:attachment":[{"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/media?parent=326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/categories?post=326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecom.co\/index.php\/wp-json\/wp\/v2\/tags?post=326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}