Security

3 questions to ask your cloud provider about security for your SAP environment

Share this post:

Security for SAP environmentAs enterprises grow increasingly interconnected and sensitive information is shared around the world, protecting critical data has become more complex and challenging than ever before.

Five years ago, most IT attacks targeted the operating system. Today, new types of threats from new types of hackers have emerged, using malware that targets your most precious data by attacking everything from the infrastructure all the way up to the application layer.

When it comes to protecting critical data, SAP has taken extensive measures to help its software run securely. But because modern attacks may threaten the entire technology stack, a truly robust security strategy might require a more holistic approach that takes into account not only the SAP layer and the operating system, but also the entire IT environment.

If you’re considering the benefits of deploying this critical information in the cloud, here are three questions to ask potential cloud providers about protecting your SAP data:

1. What is your strategy for preventing security breaches?

It’s clear that you want a cloud provider that offers integrated security products and highly trained personnel who use security-rich coding practices. The provider should also help you identify what information your security event and information management (SIM) solution requires to provide the best insight into your IT landscape.

Ensure you understand which elements are critical within your environment. This may include network boundary devices such as routers and firewalls as well as multi-function devices for intrusion prevention, servers and virtual machines. Information from these systems should be effectively aggregated and analyzed for insight into your security weaknesses and used to help prevent breaches.

2. If a breach happens, how will you respond?

The right provider should have a clear strategy for responding to security incidents. The provider should work closely with you to establish an incident response plan or direct you to services that can fulfill this need. This should include characteristics such as key emergency contacts, clear roles and responsibilities, regular mock exercises to test the plan, procedures for collecting forensic data, and retainers for incident and forensic services, as well as instructions for engaging these services and a comprehensive communication plan.

Be sure you know how your cloud provider responds to security incidents. While some cloud providers might not provide incident response services, you may be able to acquire these services from a third party, including a different cloud provider.

3. What security certifications has your organization achieved?

Ongoing analysis of the threat landscape can detect security deviations early and enable you and your provider to prepare countermeasures to potential breaches.

To help assess the service provider’s ability to detect and prevent breaches, ask if they hold key certifications such as ISO 27001. Also, insist on annual audits in the form of SSAE-18 SOC 1 and SOC 2 assessments. You may also look for a provider that supports key regulatory standards such as PCI-DSS, HIPAA and FFIEC.

Security on IBM Cloud Think Tank session at Think 2018

To learn more about how IBM Cloud integrates security products to detect, address, and prevent breaches, join our Think Tank session at Think 2018. The session will include a deep dive into several use cases to get a clear understanding of IBM strategies to protect business critical SAP environments across networks, business continuity management, disaster recovery and IT operations.

To join our conversation, go to the Think 2018 website to register for the event and enroll in the session.

Learn more about Cloud Managed Application Services.

More Security stories

French insurer teams with IBM Services to develop fraud detection solution

Auto insurance fraud costs companies billions of dollars every year. Those losses trickle down to policyholders who absorb some of that risk in policy rate increases. Thélem assurances, a French property and casualty insurer whose motto is “Thélem innovates for you”, has launched an artificial intelligence program, prioritizing a fraud detection use case as its […]

Continue reading

Cloud innovation in real estate: Apleona and IBM rely on new technologies

Digitization does not stop at the proverbial concrete gold — real estate. In fact, the real estate industry is on the move. Companies are realizing the benefits of digital transformation and are capitalizing on the power of new technologies such as cloud, AI and blockchain. Take, for example, Apleona GmbH, one of Europe’s largest real […]

Continue reading

Innovate with Enterprise Design Thinking in the IBM Garage

We’ve all been there. You have an amazing idea that’s really exciting. Maybe it’s a home improvement project, or perhaps it’s a new business idea. You think about all the details required to make it real. But, once you get to the seventh action item, you’re not so excited anymore. Sometimes when we realize the […]

Continue reading