Skip to Content
Author's profile photo Former Member

The Best Security for Your Cloud Part 1: Unique Multi-tenancy and Defense in Depth

Businesses large and small can now reap the benefits of cloud computing, one of which is the availability of core business applications via the Software-as-a-Service (SaaS) model. But while the benefits of such a model are exponential, so is the perception of risks. Security concerns for the application delivery environment in a SaaS model share many of the same concerns as other application delivery models. Where we really start to see a difference in the SaaS model in terms of security practices is around multi-tenancy, identity management, data storage and location, and data transmission and flow controls.

The good news is that when you partner with SAP for your SaaS applications, you don’t have to worry about any of these security concerns – because we do that all for you!

SAP Cloud uses a unique multi-tenant architecture that serves millions of users around the world in a secure yet cost-effective manner. For example, SuccessFactors an SAP company logically segments each customer’s data at the database level, complete with their own database schema. Customers can export their own schema out of the database, import or export data, and configure or modify fields. With this approach, SuccessFactors leverages the self-describing attributes of XML to abstract much of the unique customer data requirements into its object model, retaining all the advantages of a highly scalable and secure multi-tenant model while still offering a highly configurable application that does not comingle customers’ data. SuccessFactors also provides a distinct application instance per customer, offering better security through enforced memory segregation.

SAP Cloud has adopted one of the best defenses for cloud security risk in the industry. Called “defense in depth,” this approach combines information security best practices with layered technology. Designed to protect information confidentiality, integrity, and availability, the “defense-in-depth” strategy for cloud solutions from SAP is multilayered, with defenses at all the touch points in the flow of data, and provides complete and comprehensive privacy, transparency, and audit controls.

The critical layers in a “defense in depth” approach include several key levels, such as:

  • Layer 1: The data center. To prevent downtime, whether from a power outage or illegal access, multilevel protection must begin right in the actual physical location of the data center. This can be a costly investment if done in-house, so it’s often outsourced to a trusted provider. At SAP, we provide environmentally controlled and secure facilities that use an integrated security management system. The embedded security measures are extensive, from electronic photo ID badging to biometrics and video surveillance. Our facilities also include extensive safeguards that immediately act on security breaches and shield against environmental disturbances. We also have implemented technical vulnerability management in our solutions to reduce the risks from the exploitation of any technical weakness.
  • Layer 2:The database. Whether a database environment is a multi-instance or multitenant model, data must be secured while at rest, in transit, and in use – and so must access to the data during each of these occasions. Cloud solutions from SAP use the most sophisticated security mechanisms to secure data, including an advanced method based on dynamic data and encoded session identifications. SAP Cloud solutions also include load balancing, attack prevention, access control, database audits, information classification, data encryption, and back-up and restore measures.
  • Layer 3:Middleware. Because the architecture of both software and hardware in cloud solutions can vary significantly from provider to provider, it’s important to explicitly understand what technologies are being used. It’s also important to understand what technical controls are in place for the security and privacy of the system throughout its lifecycle. Cloud solutions from SAP help ensure that safeguards are in place to enforce authentication, authorization, SSO and other identity and access management functions at all times.
  • Layer 4: Application. The application layer must employ security measures that protect against loss, misuse, and unauthorized alteration of data. Cloud solutions from SAP include security measures to protect applications from insider threats, risky plug-ins and downloads, phishing and pharming, and improper logins.
  • Layer 5: Network and communication. When securing a network infrastructure, it’s important to strike a balance between security and the availability of applications. Every component of an IT network—from the point of entry on the network down to the final place where information is stored—must be meticulously configured, deployed, maintained, and continually tested for optimal performance. Cloud solutions from SAP come with functionality that reinforces security through multiple Tier 1 Internet service providers (ISPs) while limiting internal network traffic to pass along only the data required by an application. All incoming requests are validated against business and security rules to protect against malicious access.

We do it – so you don’t have to!

When your business is protected by a “defense in depth” security solution, you can confidently reap the benefits of a SaaS cloud computing offering. With cloud solutions from SAP, you can be assured that your data is secure at all times. We work with the best security and monitoring providers to:

  • Ensure individual server performance and uptime
  • Maintain a smooth user experience
  • Stop network intrusions
  • Prevent malicious server attacks
  • Protect against potential threats
  • Identify information system problems
  • Verify the effectiveness of security controls and compliance

At SAP, a seasoned team of industry experts that specialize in creating secure, reliable environments will help you save on IT staffing and build-out costs to safeguard your critical applications and data while keeping your business operations intact. We relentlessly focus on security—so you don’t have to.

To learn more about “defense in depth” and the approach SAP Cloud takes to secure your data, download this white paper entitled “SAP Cloud: Focusing on security, so you can focus on business.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Luke Marson
      Luke Marson

      Hi Vinod,

      Great blog and important topic. Despite all of the myths around Cloud security and the potential risks (both of which are identical for on-premise and in many cases even more so than Cloud), security is incredibly robust. The multiple layers provide a strong line of defense for the customer's data and is a watertight approach.

      Best regards,


      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Hi Luke,

          Thanks for the encouragement.  Its true that most of the security concerns about cloud should not be a concern anymore.  We should be used to the ASP model handling our data.  In fact with cloud vendors it is in their vested interest to offer security that is full proof and to give customers the confidence to move to the cloud.  We can do so because of the economies of scale we have.  We have a saying "we built the exact same security infrastructure your IT team would if they had unlimited budget."



      Author's profile photo Former Member
      Former Member

      Hi Vinod,

      Good to know these pointers. Things like this help us understand the environment better.

      Thanks a lot! Keep going!

      Author's profile photo Former Member
      Former Member

      It is highly informative and give confidence on Cloud security concerns

      Author's profile photo Vincent Ong Kok Wee
      Vincent Ong Kok Wee

      Hi Vinod,

      Very nice blog indeed, thanks for sharing the knowledge.

      I would like to ask, Cloud, like all other software, it needed a Hardware. Which means, the customer's data is storing in a place far away from them in a data center which located in some country. No matter how secure the cloud is, what if, the Physical server been compromised? or Hacked or HardDisk being Copied?

      Maybe what I am asking unlikely to happen, but it's possible, isn't it?

      I do apologies on what I said it's indeed a bit exaggerating , but there are customer who asked these question and appreciated it if you can shed some light on this 🙂