SAP in the Cloud: Security Essentials


This book, SAP in the Cloud: Security Essentials, focuses on security topics associated with cloud computing within the SAP space, with an emphasis on IBM offerings.

Table of Contents


Chapter 1: On Premise vs. The Cloud

Before we get into what goes into cloud security, we need to have a basic understanding of what a cloud deployment means to your IT environment. We’ll talk about the types of clouds and the layers of cloud computing that you can use, then finish with a discussion of what an SAP system can look like in a cloud environment and some of the threats that the system can face.



Chapter 2: Risk Management and Security Standards

In this chapter, we’ll provide an overview of both risk management techniques and security standards. Risk management will give you a context in which to understand the threat landscape that a cloud environment faces. Later chapters will build on the ideas we present here so that with every aspect of a cloud environment—the network, the hardware, the user controls—you’ll be able to understand whether a cloud provider’s standard setup meets your business needs or if you need to add additional security controls to its offering. After that, we’ll talk about security standards that your provider can certify to in order to prove its cloud environment secure. We’ll cover the major ones—SOC and ISO—in depth while touching on some minor standards. Finally, we’ll discuss some of the regulations that may apply to your data in a cloud environment.



Chapter 3: Physical Security

Here we start talking about the actual threats a data center will face and security controls they can implement to lower their risk. This chapter covers the physical servers, network cables, and buildings that make cloud computing possible. We discuss how they prevent damage that would interrupt your service and unauthorized access that could compromise your data. You'll come away with knowledge about how data centers should work, the questions you should ask, and how you can secure your own premises so your access points are as secure as your cloud environment.



Chapter 4: Network Security

In this chapter, we'll run through the threats that a networked environment like a cloud faces and the countermeasures a provider can take to stop them. The chapter will cover things like firewalls, VLANs, VPN, and more, as well as cover how an SAP system looks in a networked environment. You'll come away with a glimpse of how a cloud provider can organize their network defense to protect your data, as well as the range of additional options that you have to protect your connection to that data. 



Chapter 5: Hypervisor Security

This chapter introduces hypervisors and virtualization, the core technologies that make cloud computing possible. We'll go deep into how virtualization works and how it protects your virtual machines and allocates computing resources. But we'll also touch on the security challenges and how providers are rising to meet those challenges. By the end, you'll have a good understanding of what virtualization means and how it protects your data. You'll understand the extra features you can look for in a hypervisor to increase your security profile and how you can configure your SAP system to make efficient use of flexible resources. 



Chapter 6: Encryption

This chapter details how encryption protects your data, both while sitting idle on a drive and travelling over networks. We'll cover the technologies around encryption and how you can enable them in your SAP system. You'll come away with an understanding of the importance of encryption and proper key management, as well as the ways that encryption can go wrong.



Chapter 7: User Access Controls

In this chapter, we talk about how SAP manages users and roles and how that prevents even the best-intentioned users from making a mess of things. We discuss how to separate your user roles to prevent mishandled data and how to ensure individual user security. This chapter is the heaviest in SAP details, so you should come away from it knowing how to create your users and roles and how to make sure those credentials stay secure.



Chapter 8: Software Updates

This chapter covers the importance of software updates. It may seem like a boring topic, but keeping software up to date is essential to good security. We also talk about how a provider can implement updates without interrupting your service. You'll understand how those updates have prevented issues in the past and where to look for new SAP notes, which detail fixes. You should be able to ask intelligent questions about their update policy to make sure it's as aggressive as you need it to be. 



Chapter 9: Data Destruction

This chapter covers what a provider can do with hardware at the end of its lifespan. That hardware may still have retrievable data on it, so it's important to understand what options your provider has to protect it. We cover some standard techniques, including U.S. Department of Defense policy. You should be able to ask the right questions of your provider about what they do with old hardware, as well as take care to improve your own efforts.



Chapter 10: Information Security Management

This chapter talks about how you and your provider can manage the cloud environment and how to understand the division of responsibilities between you and your provider. This includes the difference between a bare metal server and a managed environment, as well as how to secure any management interfaces. You'll know what managing a cloud environment takes so you can decide whether you want to do it yourself or leave it to the provider.



Chapter 11: Risk Management

In this chapter, we expand on the discussion of risk in chapter two to cover how you can understand and manage your security risks in a cloud environment. We talk about identifying threats, assessing and testing for vulnerabilities, and the best practices around this process. You should be able to take the ideas here and assess your own risks, as well as the risks of any potential cloud providers.




From The Blog

  • Encryption

    The previous chapters [of SAP in the Cloud: Security Essentials] discussed how cloud providers can prevent an attacker from accessing your data. But what happens if an attacker does gain access? Does this mean it’s game over, data’s stolen, start running damage control? Not necessarily. This is where encryption can help you. In this chapter excerpt, we’ll cover what encryption is and how you can use it to protect your cloud-based SAP system.
