Four Pillars of the SAP Cloud Secure Strategy
SAP is committed to maintaining the highest levels of security for our customers, their data, and their processes.
SAP Trust Center & My Trust Center
The SAP Trust Center is a self-service center where you can initiate requests and collect information related to security, privacy, and compliance for cloud services and on-premise software. Key areas of the site include:
- Cloud Status
- Cloud Operations
- Data Center
My Trust Center is an area within the SAP Support Portal that extends the public SAP Trust Center offering by granting access to additional documentation available only to SAP customers and partners with a valid SAP user ID. There you can find the following:
- SAP Security Policies, Frameworks, and Technical and Organizational Measures (TOMs).
- Lists of SAP's sub-processors that provide data processing services on behalf of SAP to its customers.
- Compliance evidence documents from SAP partners providing services to SAP (e.g. Hyperscaler infrastructure services).
- Useful links and documents about Security and Data Protection & Privacy for SAP Products, Cloud Services, Professional Services and Support.
SAP Global Security Team
At SAP locations around the world, the Physical Security team helps ensure that people are safe and that assets are protected.
In the event of a security risk or breach, the Cyber Defense & Design team manages incidents and vulnerabilities related to SAP offerings, including reports of suspicious activity provided by customers. This team also recommends and mandates baseline security configurations for SAP solutions across all operating systems, firewalls, and other configurations to prevent such security issues from the start.
To help ensure that SAP customers receive uniform and equal security, the Security Risk & Compliance team analyzes and translates audit information to provide actionable improvements. This team is also responsible for aligning and revising security policy.
The Security Enablement team empowers colleagues on security topics and handles general security questions from inside and outside of SAP.
The Communications team is likely the one with which you are most familiar. This team of experts trains the SAP employees responsible for answering many of your questions and creates FAQs and learning materials.
Data Center Security
A data center is the brain of a company and the place where the most critical processes are run. The key to the success of the SAP data center lies in the robust design of every individual component and in the redundancy of all critical components. This ensures that SAP can count on its "brain" at any time, and SAP customers can rely on the contractually guaranteed availability of cloud applications running in the data center.
How a Data Center works
There are three key components in a data center:
- Power Supply: The data center is connected to two separate grid sectors operated by the local utility company. If one sector fails, the second one continues to supply power. The data center also houses 13 diesel generators in a separate building. Together, they produce a total of 29 megawatts.
- Cooling: All electronic components and processors generate heat when operated. If it is not dissipated, the processor's efficiency may decrease to the point that the component could fail. Therefore, cooling a data center is essential - and costly, due to the concentrated computing power.
- Controlled Access: SAP data centers are the backbone of our cloud business. We use state-of-the-art technology and rigorous security to protect data virtually and physically against data breaches, fires, terror attacks, and other threats. Our data centers meet the highest security standards.
Integration, security, and performance between solutions located in different cloud data centers
All communication between data centers is encrypted using industry measures. The implementation details vary by solution and data flow.
Backup retention procedures
SAP conducts backups in the form of a disk-to-disk copy, which enables rapid data creation and recovery. In addition to full backups done on a daily basis, we create interim backup versions several times each day. We then archive these at a secondary location for security purposes.
Monitoring and logging access to SAP Data Centers
SAP data centers are monitored around the clock with video cameras at every entry point. We use these cameras to record and monitor each access event and log this in our access system for 90 days. Single-person access and "mantrap" systems provide access only to authorized individuals. Technicians can enter special rooms using custom-configured ID cards. High-sensitivity areas require authentication by means of biometric scans.
Technical security features
The multilayered, partitioned, proprietary network architecture permits only authorized access with:
- A Web dispatcher farm that hides the network topology from the outside world.
- Multiple Internet connections to minimize the impact of distributed denial-of-service (DDoS) attacks.
- Layered security measures that continuously monitor solution traffic for possible attacks.
- Multiple firewalls that divide the network into protected segments and shield the internal network from unauthorized Internet traffic.
- Third-party audits performed throughout the year to support early detection of any newly introduced security issues.
Hybrid Security with Enterprise Security Services
Enterprise Security Services is a holistic approach for addressing cloud security. It provides a comprehensive guide to the different security services that are available and explains when they should be used, and how to integrate them.
Components of Enterprise Security Services:
- Cloud Identity Services address identity and access management in the cloud. They can be used across the SAP cloud solution portfolio, and they include the Identity Authentication and Identity Provisioning services as a part of SAP Cloud Identity Services.
- Secure Development Services help support the development of secure applications on the Business Technology Platform. These services, such as SAP Cloud Application Programming Model and the Cloud Connector, enable developers to build secure enterprise business applications.
- Risk and Compliance are provided by solutions such as SAP Cloud Identity Access Governance to help security administrators manage risks and meet corporate compliance goals.
- Insight is delivered by SAP through its SAP Trust Center site to provide a transparent view into how SAP manages cloud applications for customers. With SAP Data Custodian, SAP customers can gain insight into the location and movements of data.
Security partners complete the picture by providing generic services such as static code and open source vulnerability scanners.