How secure is data in the SAP Cloud for Customers?

25.05.2016

The subject of ‘data protection’ plays an ever greater role, especially in today’s society. Whereas nobody paid any attention to terms and conditions of business or the collection of personal data, awareness of the need to protect your own data is growing nowadays.

In the field of business, Data protection is also becoming increasingly important. According to a survey, 21% of managers questioned admitting already having falling victim to data stealing (Source: statista.de). A very high level of importance is ascribed to data protection for all SAP products. Therefore, this allows SAP SE to meet the requirements of customers. Surveys have revealed that data security plays an important to very important role when deciding on IT solutions among seventy percent of customers. This tendency is increasing, not least owing to successful hacking attempts on major companies having come to the public eye. The damage potential from stolen data is high, no matter whether this involves personal user data or information on product developments.

The SAP Cloud for Customers is secure

Customers deciding in favor of SAP Cloud for Costumer (C4C) for the product SAP Business ByDesign can typically choose whether their data is to be saved in a German or American server center. The German server center is located in St. Leon-Rot, while the American counterpart is in Newton Square (Pennsylvania). German users of the product SAP HANA Enterprise Cloud have a choice between the server centers in St. Leon-Rot and Amsterdam. The premises of the server centers are equipped with state-of-the-art access protection, thus making it impossible for third parties to gain access to the hardware on which the customer data is saved in the SAP Cloud for Costumer.

How is data protection supplemented in the SAP Cloud for Customers?

All employees of SAP SE must sign a data protection declaration together with the employment contract. This also contains a formal confidentiality obligation for cases where staff obtain knowledge of individual customer data, for example through maintenance work or administrative tasks.

Data protection means not only security against access by unauthorized third parties but also includes measures regarding the availability of the data for the customer. With SAP Cloud for Customers, this occurs via automated backups. These are saved on additional computers in the server centers, which are separated spatially from the computers used for ongoing operation.

Whoever saves his data in the SAP Cloud for Customers has the guarantee that it remains persistent. This means it may only be changed by SAP employees if the customer expressly requests this. For this purpose, individual access authorizations are set up for the SAP employees, which nevertheless do not entail any unrestricted access rights. Whoever works for SAP SE as a subcontractor for consulting with individual customers will get to know the customer before signing any contract. These companies including all their staff must sign the same data protection and confidentiality declarations as are required from persons who are employed directly at SAP SE.

Security of the SAP Cloud for Customers is strictly monitored

According to its own figures, SAP SE invests around half a million euros in data protection each year. This also includes monitoring compliance with security standards (ISAE-3402, ISO 27001, SSAE-16) by external auditors. They are also subject to secrecy and only grant security certificates if both the technical and organizational measures are implemented at a high level. The individual users of SAD Cloud for Costumer can also order the services of these auditors for monitoring the implementation of data protection as part of an audit on their own premises.

Source: http://www.sapdatacenter.com/de/article/sicherheit_datenschutz/