
3 questions to ask your cloud provider about security for your SAP environment


As enterprises grow increasingly interconnected and sensitive information is shared around the world, protecting critical data has become more complex and challenging than ever before.

Five years ago, most IT attacks targeted the operating system. Today, new types of threats from new types of hackers have emerged, using malware that targets your most precious data by attacking everything from the infrastructure all the way up to the application layer.

When it comes to protecting critical data, SAP has taken extensive measures to help its software run securely. But because modern attacks may threaten the entire technology stack, a truly robust security strategy might require a more holistic approach that takes into account not only the SAP layer and the operating system, but also the entire IT environment.

If you’re considering the benefits of deploying this critical information in the cloud, here are three questions to ask potential cloud providers about protecting your SAP data:

1. What is your strategy for preventing security breaches?

It’s clear that you want a cloud provider that offers integrated security products and highly trained personnel who use security-rich coding practices. The provider should also help you identify what information your security event and information management (SIM) solution requires to provide the best insight into your IT landscape.

Ensure you understand which elements are critical within your environment. This may include network boundary devices such as routers and firewalls as well as multi-function devices for intrusion prevention, servers and virtual machines. Information from these systems should be effectively aggregated and analyzed for insight into your security weaknesses and used to help prevent breaches.

2. If a breach happens, how will you respond?

The right provider should have a clear strategy for responding to security incidents. The provider should work closely with you to establish an incident response plan or direct you to services that can fulfill this need. This should include characteristics such as key emergency contacts, clear roles and responsibilities, regular mock exercises to test the plan, procedures for collecting forensic data, and retainers for incident and forensic services, as well as instructions for engaging these services and a comprehensive communication plan.

Be sure you know how your cloud provider responds to security incidents. While some cloud providers might not provide incident response services, you may be able to acquire these services from a third party, including a different cloud provider.

3. What security certifications has your organization achieved?

Ongoing analysis of the threat landscape can detect security deviations early and enable you and your provider to prepare countermeasures to potential breaches.

To help assess the service provider’s ability to detect and prevent breaches, ask if they hold key certifications such as ISO 27001. Also, insist on annual audits in the form of SSAE-18 SOC 1 and SOC 2 assessments. You may also look for a provider that supports key regulatory standards such as PCI-DSS, HIPAA and FFIEC.

Security on IBM Cloud Think Tank session at Think 2018

To learn more about how IBM Cloud integrates security products to detect, address, and prevent breaches, join our Think Tank session at Think 2018. The session will include a deep dive into several use cases to get a clear understanding of IBM strategies to protect business critical SAP environments across networks, business continuity management, disaster recovery and IT operations.

To join our conversation, go to the Think 2018 website to register for the event and enroll in the session.

Learn more about Cloud Managed Application Services.
