My adventure in learning CPI: Part 3 | Cloud Security
This blog post is a part of a series of blog posts related to SAP Cloud Platform Integration. The blogs so far are:
- My adventure in learning CPI || Part 1 || All about SAP Cloud
- My adventure in learning CPI || Part 2 || Deployment Models
Welcome to Part 3 of my Cloud Journey.
This blog session is all about building the security architecture.
For more details, refer to the blog: https://blogs.sap.com/2017/05/16/sap-cloud-platform-the-next-level/.
The major security measures that SAP Cloud Platform provides are a multi-tenant environment, customer and network segregation (wherein internal traffic is controlled by a firewall), secure communication, a secure application container, and deletion of data (SAP Cloud stores development logs for 14 days and audit logs for 18 months).
As for data center and physical security, as I mentioned in the first part, SAP has 41 state-of-the-art data centers across the globe, which promise a high level of security. SAP internally provides 24/7 monitoring, an intrusion detection system, strong firewalls, an uninterrupted power supply, data privacy, disaster recovery, and multiple backups. In short, your data is safe, secure and is in the right hands.
As for data governance and legal compliance, your data in SAP is safe and no third party can access it unless the third party happens to be one of your sub-contractors that has signed an agreement. The data protection management system is based on British Standard BS 10012:2009 Data protection. Moreover, the SAP Cloud Platform is certified according to the ISO 27001:2013, SSAE 16-SOC 1/ISAE 3402 Type 2, and SOC 2 Type 2 security standards.
Operational security management: needless to say, SAP is all about the reliability, availability, and authenticity of customer data. It promises mitigation of threats and vulnerabilities, and administrative user access management based on authorization and segregation of duties.
Incident, threat, and vulnerability management is also ensured. SAP performs multiple penetration tests to ensure that its customers' data is safe and secure.
Repository for cryptographic keys and certificates. The data and messages exchanged or in transit are all encrypted. Certificates need to be installed in the sender system, the receiver system and also in the middleware, i.e. in the Cloud Connectors, so as to build trust between the 2 systems. The keystore service stores and provides keystores encoded in Java Keystore (JKS), Extended Java Keystore (JCEKS), PKCS #12 file (P12), and Privacy Enhanced Mail Certificate (PEM) formats.
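The four keystore formats listed above can be told apart by their leading bytes, which is a useful check before uploading a file under the wrong extension. The following is an added example, not SAP code or part of the original post; the function names and the sample byte strings are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # header of a Java "JKS" keystore
JCEKS_MAGIC = 0xCECECECE  # header of a Java "JCEKS" keystore

def der_header_len(data: bytes):
    """Bytes taken by tag + length of the outer DER/BER element, or None."""
    if len(data) < 2:
        return None
    first = data[1]
    if first <= 0x80:          # short form, or 0x80 = BER indefinite length
        return 2
    n = first & 0x7F           # long form: n length bytes follow
    if n > 4 or len(data) < 2 + n:
        return None
    return 2 + n

def detect_keystore_format(data: bytes) -> str:
    """Classify raw file bytes as 'JKS', 'JCEKS', 'P12', 'PEM' or 'unknown'."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if len(data) >= 8:
        magic, version = struct.unpack(">II", data[:8])
        if magic == JKS_MAGIC and version in (1, 2):
            return "JKS"
        if magic == JCEKS_MAGIC and version in (1, 2):
            return "JCEKS"
    # PKCS #12 (PFX): outer SEQUENCE whose first field is INTEGER 3 (version)
    if data[:1] == b"\x30":
        off = der_header_len(data)
        if off is not None and data[off:off + 3] == b"\x02\x01\x03":
            return "P12"
    return "unknown"

# Constructed sample headers (not real keystores), enough to exercise each branch.
SAMPLES = {
    "trust.jks": struct.pack(">III", JKS_MAGIC, 2, 0),
    "secret.jceks": struct.pack(">III", JCEKS_MAGIC, 2, 0),
    "client.p12": b"\x30\x82\x0a\x00\x02\x01\x03\x30\x82",
    "client_ber.p12": b"\x30\x80\x02\x01\x03\x30\x80",
    "ca.pem": b"-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n",
    "error.p12": b"<html><body>404</body></html>",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} -> {detect_keystore_format(blob)}")
```

A file that reports `unknown`, such as an HTML error page saved with a `.p12` extension, should be rejected rather than uploaded; the check reads only the header and does not validate the keystore contents or password.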
Protection against common web attacks. There are prevention mechanisms against common web attacks such as cross-site request forgery (CSRF, also abbreviated XSRF) and cross-site scripting (XSS).
That’s it for now. I shall continue in the next blog.
Thanks for the read.
SAP C4C and CPI Consultant.