This presentation outlines our general product direction and should not be relied on in making a
purchase decision. This presentation is not subject to your license agreement or any other agreement
with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or to
develop or release any functionality mentioned in this presentation. This presentation and SAP's
strategy and possible future developments are subject to change and may be changed by SAP at any
time for any reason without notice. This document is provided without a warranty of any kind, either
express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in this
document, except if such damages were caused by SAP intentionally or grossly negligent.
Cyber Security
SAP Enterprise Threat Detection
Public
SAP Security Products Portfolio
Products covered: SAP Business Suite, SAP Mobile Applications
- Make it simple for users to do what they are allowed to do.
- Know your users and what they can do.
- Ensure corporate compliance to regulatory requirements.
- Manage the identity life-cycle in the cloud.
- Counter possible threats and identify attacks.
- Find and correct vulnerabilities in customer code.
SAP Platforms: Common Security Capabilities
Unified Security Architecture
Interfaces shown: ODBC, JDBC/ODBC, JDBC, HTTP(S). Components: Admin/Dev, Application, Database, XS. Cross-cutting for SAP HANA: Authentication/SSO, Encryption.
- For logon, users must exist in the identity store of the SAP HANA database.
- Roles (and privileges) can be assigned to users.
- Roles are used to bundle privileges; create roles for specific groups of users.
- Role transport can be integrated into the development/production system landscape.
- Catalog and repository roles.
Federated Authentication and SSO in SAP HANA Cloud Platform
- Authenticate / Delegate: Single Sign-On, Authentication & Identity Management via SAML 2.0
- Corporate Network: Bring Your Own Identity Provider
- Prerequisite: SAML 2.0 compliance
- Main scenario: B2E
SAP HANA Cloud Platform components shown: In-Memory, dynamic tiering, Storage Engines, Hadoop, smart data streaming, remote data sync, Firewall, Authorization Management, IoT Services.
Spotlight on: Unified Connectivity (UCON)
Reduce the overall attack surface of your remote-enabled function modules (RFMs). Enhance RFC security by blocking access to a large number of RFMs.
SAP Single Sign-On
Provide simple and secure access to IT applications for business users, encrypt company data and protect business-critical applications.
SAP Identity Management
Grant and manage user access to applications securely and efficiently while meeting audit and compliance requirements.
- Full identity lifecycle support
- Integration with SAP ERP HCM and SuccessFactors
- Central workflows for permission requests
- Context/rule based permissions and roles
- Integration with SAP Access Control for compliance checks
- Identity analytics
- User interfaces: flexible identity schema via configuration only; RESTful interfaces for SAP UI5 on different devices; Eclipse-based development environment
- Connectors: connectors and connector framework; support of new cloud-based applications; Simple Cloud Identity Management Schema (SCIM) support
- Virtualization and Federation: virtual directory server; identity federation
Connected systems shown: SAP Business Suite, SAP Cloud Identity service, SAP Access Control.
SAP Enterprise Threat Detection
Provide insight into suspicious security events throughout the system landscape.
Detection
- Readily and efficiently identify security lapses in the landscape
- Use the power of a real-time data platform to detect threats
- Optimally protect your key business data
Insight
- Gain insight into what is happening in your IT landscape
- Integrate with SAP and non-SAP data
- Make use of attack detection patterns
- Enable custom integration and configuration
- Find SAP software-specific threats related to known attacks
Analysis & Prevention
- Perform forensic investigations and discover new patterns
- Efficiently analyze and correlate logs
Secure Software Development
SAP NetWeaver Application Server, add-on for code vulnerability analysis
SAP NetWeaver Application Server, add-on for code vulnerability analysis
Find vulnerabilities in customer code to prevent cyber attacks against SAP systems.
Code scanning
- Static Application Security Testing (SAST)
- Checks custom coding for security vulnerabilities
- Includes Open Web Application Security Project (OWASP) top 10, like SQL injection, directory traversal, backdoor & authorizations, web exploits, code injection and call injections
Integration
- Fully integrated into ABAP development environment as part of the automated test cockpit (ATC)
Support
- Supports developer in fixing the vulnerability, and delivers extensive documentation
- Extensive documentation to support developers in fixing the detected issues
- Exemption workflows to ease handling of false positives
- Reduced false-positive rate through data flow analysis
- Supports automation requirements by quality assurance teams
- Integrated into standard ABAP development infrastructure
- Priority of each check can be adjusted to match requirements
Example of an SQL injection through a dynamically built SET expression:
Input for street: xyz' salary = '1500
set_expr: STREET = 'xyz' salary = '1500'
...
SET STREET = 'xyz' salary = '1500'
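The slide's injection through a dynamically built SET expression, reproduced as an added Python/SQLite example (this is not code from the slides or from SAP). The employees table and its one row are constructed here; the payload is adapted to a comma between assignments because SQLite separates SET assignments with commas, whereas the slide's ABAP dynamic SET uses spaces. The vulnerable builder shows how the quoted street value turns into extra SQL that rewrites the salary column; the fixed version binds the value as a parameter so the whole input is stored as text.

```python
import sqlite3

# Constructed sample table (not from the slides): one employee row.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, street TEXT, salary INTEGER)")
    conn.execute("INSERT INTO employees VALUES (1, 'Main St', 1000)")
    conn.commit()
    return conn

def build_set_expr(street):
    """Vulnerable pattern from the slide: the user's street value is spliced into
    the SET expression as a quoted literal. Anything after a closing quote in the
    input becomes SQL syntax."""
    return f"STREET = '{street}'"

def update_street_vulnerable(conn, emp_id, street):
    set_expr = build_set_expr(street)
    # emp_id is coerced to int so the street value is the only injection point
    conn.execute(f"UPDATE employees SET {set_expr} WHERE id = {int(emp_id)}")
    conn.commit()

def update_street_safe(conn, emp_id, street):
    # Fix: bind the value as a parameter. The driver never interprets it as SQL,
    # so the complete input lands in the street column as plain text.
    conn.execute("UPDATE employees SET street = ? WHERE id = ?", (street, int(emp_id)))
    conn.commit()

def read_row(conn, emp_id):
    row = conn.execute("SELECT street, salary FROM employees WHERE id = ?", (emp_id,)).fetchone()
    return {"street": row[0], "salary": int(row[1])}

def demo(payload="xyz', salary = '1500"):
    """Run the same input through both versions and return what was stored."""
    vuln = make_db()
    update_street_vulnerable(vuln, 1, payload)
    safe = make_db()
    update_street_safe(safe, 1, payload)
    return {"vulnerable": read_row(vuln, 1), "safe": read_row(safe, 1)}

if __name__ == "__main__":
    print(demo())
```

With the vulnerable path the stored salary becomes 1500 and the street is just "xyz"; with parameter binding the salary stays 1000 and the street column holds the raw payload. In ABAP the corresponding defence is to avoid building the SET clause from input at all, or, where a dynamic clause is unavoidable, to escape and validate the tokens (for example with CL_ABAP_DYN_PRG) before they reach the statement; the SQL injection check of the code vulnerability analysis add-on described above targets exactly this pattern.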
Protecting your SAP Systems
- Cloud and infrastructure security
- Secure product development
- Security services, support, and consulting
SAP HANA Cloud Platform Infrastructure Security
Benefits at a glance
Certified operations (certifications shown: BS25999 CERTIFIED; ISO 9001 CERTIFIED for Quality Management; ISAE3402 TESTIFIED* and SSAE16 TESTIFIED* for International Accounting Regulations; GREEN IT CERTIFIED for Energy Efficiency; ISO 27001 CERTIFIED for IT Operations)
- Planned coverage for SAP Cloud data centers: two data centers per major region
- SAP HANA Cloud currently hosted in data centers in Germany, Netherlands, Australia, and the USA
- Roadmap for global coverage available from SAP upon request
- Location is subject to choice by customers
High Availability
- Reverse proxy farms
- Multiple redundant internet connections
- Data encryption
- Intrusion Detection System (IDS)
- Multiple firewalls
- Sandboxed application environment
- Regular third party audits and penetration tests
Role-based access: on-demand solutions support role-based access with user profiles to allow segregation of duties
Audit logging: on-demand solutions log all user activities
Data encryption: encryption of confidential data at rest
Operations
- Two-factor authentication
- Authorization on need-to-know basis
- Minimal privileges and segregation of duties
- Personalized log traces
- Controlling system and regular reviews
2015 SAP SE or an SAP affiliate company. All rights reserved.
SAP Cloud Security
Attestations and certifications for the SAP Cloud
- SF EC Payroll: April 2015, 2 x SOC 1; next SOC 1, 2 attestations required. ISO 27001:2013: 2016 & 2017 surveillance audits, 2018 re-certification.
- Business by Design: April 2015, 2 x SOC 1, 2 x SOC 2; next SOC 1, 2 attestations required. ISO 27001:2013: 2016 & 2017 surveillance audits, 2018 re-certification.
Secure Software Development
protect&&develop
Prevent, detect, react
PRODUCT SECURITY
SAP Secure Software Development Lifecycle (S2DL)
- SAP Product Security: people, tools, and processes for building secure products
- Our guidance: ISO 27034
- Enhanced Security Features: SAP Single Sign-On (Cloud / On-Premise); Common Crypto Lib (FIPS 140-2)
- Security Research: encryption in the cloud; JavaScript security; Big Data for security: content creation for SAP Enterprise Threat Detection
Surveillance of Threat Landscape
- Social Media Analytics
- Security conferences
- Customer-Specific Services: SAP Enterprise Threat Detection solution; SAP NetWeaver Code Vulnerability Analyzer; automated detection of misconfigurations in customer systems
Incident Handling
- Security response
- SAP Security Patch Day
- Optimizing patch management
- Emergency Handling
- Security Service Offerings available for customers: Active Global Support; Consulting
SAP Secure Software Development Lifecycle (S2DL), phases from left to right:
- Security awareness; Secure programming; Threat modelling; Security static analysis; Data protection and privacy; Security expert curriculum
- SECURIM (Security Risk Identification and Management); Data Privacy Impact Assessment; Threat Modeling
- Plan product standard compliance; Plan security features; Plan security tests; Plan security response
- Secure programming; Static code scan; Code review
- Dynamic testing; Manual testing; External security assessment
- Independent security assessment
- Execute the security response plan
Common denominator: product standard security as knowledge base across all phases
SAP Security Services Offerings
SAP Security Strategy: Solutions, Services, Infrastructure
Significant investments in security for networked solutions, identity and access governance, and integrated security management allow customers to implement secure business processes on premise and in the cloud.
Access replays of keynotes, Demo Jam, SAP TechEd live interviews, select lecture sessions, and more!
Hands-on replays
http://sapteched.com/online
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate
company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its
affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and
services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop
or release any functionality mentioned therein. This document, or any related presentation, and SAP SE's or its affiliated companies' strategy and possible future
developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time
for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-
looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place
undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.