By Ming Chang – Cloud Information Security Awareness Americas Lead
Ariba is part of the SAP Cloud Security Framework. Just like other acquired solutions, it runs on a different platform and may require different configurations to keep it secure.
In Chapter 1 of Security for SAP Cloud Systems, I’ve described how the SAP Cloud Security Framework covers the SAP Core Cloud offering. Those solutions that were acquired from Ariba which was acquired in 2012. Since that time, a lot has changed to properly integrate Ariba into the SAP Global Security Framework.
With that in mind, Glenn Magnant and I gathered a list of 11 documents, to assist a Security consultant when securing Ariba. These documents are in addition to what SAP’s Security baseline dictates, as explained in SAP Cloud Security Framework and in Security for SAP Cloud Systems.
We have divided these documents into two categories:
- General documentation
- Functional/technical documentation
As a security consultant who is responsible for Ariba’s implementation, access to Ariba Connect
required; this is where the repository of detailed documentation is available from SAP. Please contact
your SAP Account Executive or Customer Engagement Executive to obtain access.
- Ariba SaaS Technical Infrastructure Brochure
- Pay close attention to Chapter 3, which devotes itself to Security features, procedure, and processes
- Ariba Disaster Recovery Plan
- Ariba Data Protection and Privacy – Guide to product and service features
- Ariba Sub-processor list
- This can be found using SAP My Trust Center, which allows the customer to subscribe and be notified of any changes
Functional / Technical Documentation
- Configuring Security for Master Data Integration
- Ariba cloud solutions integration toolkit guide
- Authentication and Security
- Data import tasks for user information
- Ariba Cloud Integration Gateway (CIG)
- This document covers Ariba with SAP ERP integration
- Ariba mobile app security features
- Ariba Remote Authentication Deployment Guide
- This document covers SSO(Single-Sign On) with Ariba OnDemand from IdP(Identity Provider)
Both Glenn and I will continue to bring harmonization and useful information on how SAP addresses Security topics. Stay tuned and reach out to your Ariba contact for more information about securing an Ariba system.
The same blog is posted on LinkedIn.