In this latest article in our data privacy and security series, we discuss cloud data security.
Read the first installments of the series here.
Cloud applications and services offer flexibility,
innovation, and speed. Yet data security concerns – encompassing unauthorized
access, information privacy, and business continuity – remain stumbling blocks
when evaluating a move to the cloud. Companies must also comply with local laws
and industry regulations governing how data must be secured and held private.
One of the common misconceptions about cloud data
security is that more onsite control equals more security. But sophisticated
in-house security is complex and expensive, and midsize companies seldom have
the IT resources to devote to it. For most small and midsize businesses,
trusting their data to a respected cloud services provider with the transparency,
capacity, and skills to ensure privacy and security is the most secure choice.
Whether you store your data on premise or in a
private or public cloud, data security is critical – and to make the right
choices, you need a clear roadmap and security framework.
Asking the right questions
To begin assessing your situation, ask yourself
these three questions about data privacy and security:
Is the collection and use of this data legally allowed?
Some countries have laws prohibiting collection, use, or processing
of certain types of data – for example, the European Data Protection Directive
or US HIPAA privacy laws. Legal constraints apply regardless
of whether you choose an on-premise or cloud solution.
Is the data secure?
The answer here varies based on whether the data is
controlled on premise or in the cloud. If it’s in house, you’re ultimately responsible
for ensuring data security. With a cloud solution, do your homework on your
cloud provider’s security standards and practices. In many cases, data security
is a joint effort. The cloud provider manages the infrastructure (and should
rely on industry standards including the ISO 27000 framework). The customer is generally
responsible for data access, authentication, and authority.
Is the solution reliable?
For in-house solutions, testing
and control are the customer’s responsibility. With a cloud provider – which can
serve thousands of customers on multitenant or public clouds – it isn’t practical
for each customer to perform independent audits. The provider must therefore validate
security in a different way – usually through regular independent compliance
audits. At SAP, for example, an independent third-party provider audits
procedures, controls, and IT security using SSAE 16-SOC2 standards.
A multidimensional approach to data privacy and compliance
To address cloud data security concerns, SAP has
built a multidimensional framework based on three primary aspects:
- Scoping. Covers all technology and infrastructure components,
relevant processes, and regular personnel training.
- Information security and
data privacy. Focuses on data
confidentiality and integrity as well as system availability. This covers privacy
and protection of personal data and intellectual property.
- Enforcement and evidence.
How SAP supports data privacy
Evaluating your cloud security needs? SAP
Services can help you build a foundation of comprehensive security architecture,
then add supporting compliance functions including integrated information
security management, data protection, and service delivery systems. Our experts
can help you design organizational reports that provide independent evidence
for security, privacy, and availability, and ensure that your data processing
agreements meet local, national, and international data privacy regulations.
SAP Business Cloud customers also get a range of
security support. Our solutions are designed and sold to ensure that you control,
and have complete ownership of, your data. All cloud subscriptions include data
protection agreements. The contract is based in the country of the customer’s choice
and signed with the local SAP affiliate or partner. We use a leading compliance
framework with twice-yearly independent SSAE 16-SOC2 compliance audits. And you
can select the geography where your services will be hosted – for example, near
your headquarters or major clients.
Learn more now
To learn more about how SAP Services can help
you move confidently to the cloud while ensuring transparent and compliant data
security for all your applications and needs, visit us online.
To learn more, please join us at the SAP Service and Support SAPPHIRE NOW area in Orlando.