Security In SAP Cloud Platform: Trust Matters


SAP Cloud Platform
Security in SAP Cloud Platform: Trust Matters

2017 SAP SE or an SAP affiliate company. All rights reserved.

Table of Contents

- Data Centers and Physical Security
- Security Architecture
- Operational Security Management
- Incident, Threat, and Vulnerability Management
- Data Governance and Legal Compliance
- Service Resilience
- Security Services in SAP Cloud Platform

SAP Cloud Platform is an essential part of SAP’s digital strategy. It is the platform for our customers’ and partners’ transformation journey toward digital business models. This open platform as a service (PaaS) provides unique in-memory database and application services. It is the proven cloud platform that enables you to rapidly develop new applications or extend existing ones, all in the cloud. Our customers’ trust in the security of SAP Cloud Platform remains the ultimate currency.

This document provides you with an understanding of our comprehensive approach to security in SAP Cloud Platform. Beyond this, the document gives an overview of the available security services in SAP Cloud Platform and of their functional capabilities. They are an integral part of our offering, and they support you when you entrust your processes and data to SAP Cloud Platform.

Out there in the marketplace, one can find an ever-increasing number of cloud offerings. Security has become a competitive differentiator. We at SAP rely on more than 40 years of experience to provide thorough security for our cloud platform. This security is the result of a multitude of diligently designed, planned, and implemented measures. They span all the different aspects necessary to provide our customers with a cloud solution that has one of the highest levels of security in the industry. In this document, we touch on many of these measures to be as transparent as possible and to give you confidence when you choose SAP Cloud Platform.

DATA CENTERS AND PHYSICAL SECURITY

In a cloud world, data no longer remains locked inside the safe walls of a customer’s own data center. Instead, it moves into the cloud, which consequently means building a strong partnership with your cloud provider. To support your digitalization strategy, we at SAP use SAP-owned data centers in combination with private space (collocation facilities) that we rent from external data center providers (collocation providers) as well as from infrastructure-as-a-service (IaaS) cloud providers around the world. This ensures a global reach and fast growth in various countries.

All SAP data centers fulfill at least Level 3 of SAP’s data-center-level rating system. First and foremost, this means that we apply the “n + 1 principle,” meaning that if n items of equipment are required for something to work, there is always one additional item. That is, if any one item of equipment breaks down, everything can still work as intended. We follow this principle for various data center capabilities, including the number of transformers to power the data center; the number of uninterruptible power supply systems and cooling systems; and the number of available wide-area-network and local-area-network connection lines. The availability of power generators, fire detection equipment, and fire extinguishing systems adds to these data center capabilities. Meanwhile, data center personnel ensure that on-site response times are less than 60 minutes.

Additionally, SAP demands industry-standard attestations and certifications so that we can show our customers the secure and reliable operations and control framework of our collocation and IaaS providers.

Regardless of whether data is stored in an SAP-owned data center or in a collocation data center, the same procedures and standards apply:

- SAP does not transfer customer data outside the predefined region (unless the customer has been notified or such transfer is a feature of the solution), nor does SAP share it with unauthorized third parties.
- The collocation provider has no administrative access to the SAP cloud servers.
- The collocation provider’s services focus only on the provision of power, cooling, and data center space.

Data center security goes beyond securing the facilities; it also encompasses the human factor. All SAP data centers and the areas surrounding them are monitored by security guards on a 24x7 basis using closed-circuit-television surveillance cameras. Perimeter intrusion detection systems such as motion sensors are also in place to detect unexpected access. All movements generate an alarm that is monitored by security staff. To ensure proper functionality, the sensors and surveillance cameras are maintained on a regular basis. As a minimum requirement for access, security badges must be shown. In some data centers, SAP has implemented stronger access controls, including biometrics.

All SAP data center providers keep a log of the names of people entering the server areas used for services for SAP Cloud Platform within the SAP data centers, and of the times they entered. A request workflow for access to the SAP data center facilities is implemented and aligned with SAP. Requests are approved by authorized managers. If the access request is not renewed after a specified period, access is terminated automatically after a certain amount of time.

The security architecture of SAP Cloud Platform aims to establish security measures that are among the highest in the industry. This security is the result of multiple diligently designed, planned, and implemented measures.

SECURITY ARCHITECTURE

The security architecture of SAP Cloud Platform aims to establish security measures that are among the highest in the industry. As a public PaaS offering, SAP Cloud Platform is a multitenant environment, which allows the execution of custom code. Therefore, an important security objective is the isolation of customer systems and data flows between them and services for SAP Cloud Platform. This is achieved by two lines of defense:

- Application sandboxing: Restricting and managing the capabilities of an application within the container in which it runs
- Network sandboxing: Restricting and managing the capabilities of an application to access other systems in the landscape

The following overview concretizes this:

- Customer and network segregation: SAP Cloud Platform is set up in a fenced network, separated from the SAP internal network. Customer applications run in sandboxed environments, isolated from each other and isolated from the systems that provide the services and manage the infrastructure for SAP Cloud Platform. The internal traffic is controlled by firewalls. Administrative access for SAP is managed through a terminal service that requires strong authentication.
- Secure communication: SAP Cloud Platform is configured to use secure communication in accordance with the protection requirement of the transmitted information. Suitable measures for securing the exchange of information are used. For strong encryption methods and keys, SAP uses at least a 128-bit symmetric key or a 2,048-bit asymmetric key, as well as strong and internationally recognized cryptographic algorithms.
- Secure application containers: SAP Cloud Platform supports multiple programming models (for example, Java and Java EE, SAP HANA, and HTML5). The application containers offered as a service are secured by default, according to the latest Web application security best practices. Additionally, the containers provide state-of-the-art capabilities to application providers to implement secure applications.
- System hardening: All systems in the stack for SAP Cloud Platform are hardened. This means that all nonessential services are deactivated in the system. In addition, user accounts that are not required are deleted.
- Client media encryption: Device encryption is established for storage of data at rest on laptops, desktops, and mobile devices if used for the data classified as “confidential,” including customer data. By default, all SAP-controlled laptops and PCs are supplied with an encrypted hard drive.
- Deletion of data: Backup data is retained for a period of 14 days. Logs from customer applications are retained as follows:
  - Maximum of 14 days for development logs
  - Maximum of 18 months for audit logs, unless an extended retention period is required by the customer

  The following conditions apply, as long as permitted by the applicable local laws and industry-specific regulations:
  - All paper materials are shredded after termination of the customer contract.
  - Customer data on SAP Cloud Platform is deleted upon customer request and according to the conditions agreed to between SAP and the customer.

OPERATIONAL SECURITY MANAGEMENT

To assure the reliability, integrity, availability, and authenticity of your data, it is essential that we at SAP operate SAP Cloud Platform securely. Our operational security management operations are described below and summarized in Figure 1:

- Change management follows a formal process that is reviewed and approved regularly. Starting with an impact analysis of the change prior to implementation, change requests are consequently planned, tested, tracked, and maintained.
- SAP’s security-patch management process mitigates threats and vulnerabilities. SAP’s security team rates security patches based on the Common Vulnerability Scoring System standard for operating systems, databases, and virtualization in cloud services. Critical security vulnerabilities that might endanger SAP’s service delivery capabilities in SAP Cloud Platform are patched on a priority basis.
- Securing SAP Cloud Platform requires sophisticated malware protection. Therefore, SAP has defined and implemented a malware management process with which we consistently and continuously ensure secure service delivery free of viruses, spam, spyware, and other malicious software. It comprises antimalware agent deployment, regular scans, and malware reporting processes.
- SAP’s comprehensive administrative user access management follows the principles of minimal authorization (the need-to-know principle) and segregation of duties. Administrative access to data processing systems in SAP Cloud Platform is subject to strict requirements for personnel and is managed by an access management tool for cloud services. Each access request is assessed by authorized approvers who define the validity of the access. Only a limited number of authorized persons have administrative access rights to this access management tool.

  To react swiftly when employees leave SAP, the aforementioned access management tool is synchronized with the corporate human resources and enterprise resource planning system on a daily basis. Thus, user accounts of employees who leave SAP are automatically deactivated with immediate effect in the access management tool.

[Figure 1: Four Aspects of Operational Security. Panel labels include “Change management” and “Security-patch management”.]

INCIDENT, THREAT, AND VULNERABILITY MANAGEMENT

The increasing interconnectivity of companies and businesses across the globe has led to an unprecedented exposure of IT systems to the Internet, making it highly attractive to hackers. As companies continue to build new applications and deploy them in their on-premise and cloud environments using SAP Cloud Platform, there is an even stronger need for security across such a hybrid infrastructure. Consequently, SAP has implemented a security incident management process that is aligned with the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27035:2011 information security principles.

Security incidents are monitored and tracked by security specialists in cooperation with defined communication channels until resolved. A security breach involves the accidental or unlawful destruction, loss, alteration, or disclosure of customer personal data or confidential data. Or it may refer to a similar incident involving personal data for which a data processor is required under applicable law to provide notice to the data controller.

Transparency is one foundation for trust: once we become aware of any security breach, we promptly inform our customers. The notification is communicated through the defined communication channel and contains the following information:

- Details relating to the security incident that has occurred, known at the time of notification
- The IT infrastructure or application affected by the security incident
- An overview of the mitigation actions performed to restore security
- All further applicable notifications required by country-specific regulations “on obligation to notify”

To prepare for the unknown, SAP has established security information and event management systems for analysis, reporting, and alerting. All critical systems and infrastructure components within SAP Cloud Platform log relevant data, which is stored for a minimum of six months. Data security is ensured through security configuration compliance checks and event monitoring. On top of this, general security monitoring is performed 24x7 for all activities. Once a warning or an alert comes up, it is processed through our ticketing system, and critical events are handled according to the incident management process.

An important security objective is the isolation of customer systems and data flows between them and services in SAP Cloud Platform. This is achieved by application sandboxing and network sandboxing.

To identify vulnerabilities before others do, our vulnerability management focuses on early identification, assessment, and mitigation of common known vulnerabilities and configuration issues that might pose a potential risk to the integrity and securi
