Former Member

The Best Security for Your Cloud Part 1: Unique Multi-tenancy and Defense in Depth

Businesses large and small can now reap the benefits of cloud computing, one of which is the availability of core business applications via the Software-as-a-Service (SaaS) model. But while the benefits of such a model are exponential, so is the perception of risks. The security concerns for the application delivery environment in a SaaS model are in many cases the same as those in other application delivery models. Where the SaaS model really starts to differ in terms of security practices is around multi-tenancy, identity management, data storage and location, and data transmission and flow controls.

The good news is that when you partner with SAP for your SaaS applications, you don’t have to worry about any of these security concerns – because we do that all for you!

SAP Cloud uses a unique multi-tenant architecture that serves millions of users around the world in a secure yet cost-effective manner. For example, SuccessFactors, an SAP company, logically segments each customer’s data at the database level, giving each customer its own database schema. Customers can export their own schema out of the database, import or export data, and configure or modify fields. With this approach, SuccessFactors leverages the self-describing attributes of XML to abstract much of the unique customer data requirements into its object model, retaining all the advantages of a highly scalable and secure multi-tenant model while still offering a highly configurable application that does not commingle customers’ data. SuccessFactors also provides a distinct application instance per customer, offering better security through enforced memory segregation.

SAP Cloud has adopted one of the best defenses for cloud security risk in the industry. Called “defense in depth,” this approach combines information security best practices with layered technology. Designed to protect information confidentiality, integrity, and availability, the “defense-in-depth” strategy for cloud solutions from SAP is multilayered, with defenses at all the touch points in the flow of data, and provides complete and comprehensive privacy, transparency, and audit controls.

The critical layers in a “defense in depth” approach include several key levels, such as:

  • Layer 1: The data center. To prevent downtime, whether from a power outage or illegal access, multilevel protection must begin right in the actual physical location of the data center. This can be a costly investment if done in-house, so it’s often outsourced to a trusted provider. At SAP, we provide environmentally controlled and secure facilities that use an integrated security management system. The embedded security measures are extensive, from electronic photo ID badging to biometrics and video surveillance. Our facilities also include extensive safeguards that immediately act on security breaches and shield against environmental disturbances. We also have implemented technical vulnerability management in our solutions to reduce the risks from the exploitation of any technical weakness.
  • Layer 2: The database. Whether a database environment is a multi-instance or multitenant model, data must be secured while at rest, in transit, and in use – and so must access to the data during each of these occasions. Cloud solutions from SAP use the most sophisticated security mechanisms to secure data, including an advanced method based on dynamic data and encoded session identifications. SAP Cloud solutions also include load balancing, attack prevention, access control, database audits, information classification, data encryption, and back-up and restore measures.
  • Layer 3: Middleware. Because the architecture of both software and hardware in cloud solutions can vary significantly from provider to provider, it’s important to explicitly understand what technologies are being used. It’s also important to understand what technical controls are in place for the security and privacy of the system throughout its lifecycle. Cloud solutions from SAP help ensure that safeguards are in place to enforce authentication, authorization, SSO and other identity and access management functions at all times.
  • Layer 4: Application. The application layer must employ security measures that protect against loss, misuse, and unauthorized alteration of data. Cloud solutions from SAP include security measures to protect applications from insider threats, risky plug-ins and downloads, phishing and pharming, and improper logins.
  • Layer 5: Network and communication. When securing a network infrastructure, it’s important to strike a balance between security and the availability of applications. Every component of an IT network—from the point of entry on the network down to the final place where information is stored—must be meticulously configured, deployed, maintained, and continually tested for optimal performance. Cloud solutions from SAP come with functionality that reinforces security through multiple Tier 1 Internet service providers (ISPs) while limiting internal network traffic to pass along only the data required by an application. All incoming requests are validated against business and security rules to protect against malicious access.

We do it – so you don’t have to!

When your business is protected by a “defense in depth” security solution, you can confidently reap the benefits of a SaaS cloud computing offering. With cloud solutions from SAP, you can be assured that your data is secure at all times. We work with the best security and monitoring providers to:

  • Ensure individual server performance and uptime
  • Maintain a smooth user experience
  • Stop network intrusions
  • Prevent malicious server attacks
  • Protect against potential threats
  • Identify information system problems
  • Verify the effectiveness of security controls and compliance

At SAP, a seasoned team of industry experts that specialize in creating secure, reliable environments will help you save on IT staffing and build-out costs to safeguard your critical applications and data while keeping your business operations intact. We relentlessly focus on security—so you don’t have to.

To learn more about “defense in depth” and the approach SAP Cloud takes to secure your data, download this white paper entitled “SAP Cloud: Focusing on security, so you can focus on business.”

      5 Comments

      Luke Marson

      Hi Vinod,

      Great blog and important topic. Despite all of the myths around Cloud security and the potential risks (both of which are identical for on-premise and in many cases even more so than Cloud), security is incredibly robust. The multiple layers provide a strong line of defense for the customer's data and are a watertight approach.

      Best regards,

      Luke

      Former Member
      Blog Post Author

      Hi Luke,

      Thanks for the encouragement. It's true that most of the security concerns about cloud should not be a concern anymore. We should be used to the ASP model handling our data. In fact, with cloud vendors it is in their vested interest to offer security that is foolproof and to give customers the confidence to move to the cloud. We can do so because of the economies of scale we have. We have a saying: "we built the exact same security infrastructure your IT team would if they had unlimited budget."

      Sincerely,

      Vinod

      Former Member

      Hi Vinod,

      Good to know these pointers. Things like this help us understand the environment better.

      Thanks a lot! Keep going!

      Former Member

      It is highly informative and gives confidence on Cloud security concerns.

      Vincent Ong Kok Wee

      Hi Vinod,

      Very nice blog indeed, thanks for sharing the knowledge.

      I would like to ask: Cloud, like all other software, needs hardware. Which means the customer's data is stored in a place far away from them, in a data center which is located in some country. No matter how secure the cloud is, what if the physical server is compromised, or hacked, or the hard disk is copied?

      Maybe what I am asking is unlikely to happen, but it's possible, isn't it?

      I do apologize, what I said is indeed a bit exaggerated, but there are customers who asked these questions, and I would appreciate it if you can shed some light on this 🙂