Security Whitepapers

Security Whitepapers

In order to help you to increase the security of your SAP systems, SAP has started a series of documents under the title Security Whitepapers. The objective of this series is to give you concise, easy-to-understand and easy-to-implement information on how to improve the security of your IT systems. The whitepapers of this series cover various aspects of security including recommendations for system configuration as well as guidance and support for the implementation of SAP security fixes. Each whitepaper of the series is focused on a specific aspect.

Title Description Download Date
Language
SAP HANA 2.0 SPS02 Security Technical Whitepaper The purpose of this whitepaper is to give IT security experts an overview of what they need to understand about SAP HANA in order to comply with security-relevant regulations and policies and to protect their SAP HANA implementation and the data within from unauthorized access.        PDF August 2017      English

SAP Cloud Platform Security: Trust Matters

This document provides you with an understand-ing of our comprehensive approach to security in SAP Cloud Platform. Beyond this, the document gives an overview of the available security services in SAP Cloud Platform and of their functional capabilities. They are an integral part of our offer-ing, and they support you when you entrust your processes and data to SAP Cloud Platform. PDF May 2017 English
SAP's Standards, Processes, and Guidelines for Protecting Data and Information SAP experienced an ever increasing number of inquiries from customers about information security and data protection. To answer such questions SAP has published this white paper which describes how SAP helps ensure that the software systems, information, and data of its customers are fully protected. PDF Aug 2016 English
SAP HANA SP12 Security Whitepaper This whitepaper gives IT security experts a starting point and overview of what they need to understand about SAP HANA in order to comply with security-relevant regulations and policies and to protect their SAP HANA implementation and the data within from unauthorized access. PDF May 2016
English
The Secure Software Development Lifecycle at SAP As security is in the vital interest of anyone who is using SAP products to run critical business processes and to store and process sensitive data, secure products are a prerequisite. SAP addresses security in all phases of the software development lifecycle for security to be effective. Consequently, SAP has implemented a secure software development lifecycle (secure SDL), providing a framework for training, tools, and processes. The official ISO/IEC 27034 standard provides the guidelines for SAP to shape the secure SDL. In addition, SAP’s approach to product security aims at measures that enable early identification of vulnerabilities and attacks as well as mature processes and an organizational setup to manage security incidents and react to emergencies.

PDF

Mar 2016 English
Managing Security with SAP Solution Manager Explore the various aspects of building, setting up, and operating a secure system landscape and the ways in which SAP Solution Manager supports these tasks as an IT services and operations management tool. PDF Jun 2015 English
SAP Security Recommendations: Securing Remote Function Calls (RFC) SAP reviewed and improved the security controls used by Remote Function Calls (RFC). RFC is an SAP-proprietary communication protocol. Most SAP customers run business-critical system communication using RFC technology. Keeping business data that is processed via RFC secure is as important to SAP and its customers as ensuring uninterrupted business operations. PDF Nov 2014 English
Security Services von SAP Active Global Support Mit einer globalen Support-Organisation unterstützt SAP seine Kunden dabei, die Qualität und Zuverlässigkeit ihrer Anwendungen sicherzustellen - und zwar über den gesamten Lebenszyklus hinweg. Mehr als 2.000 Service- und Support-Mitarbeiter in über 40 Ländern sorgen bei SAP Active Global Support dafür, dass die unternehmerischen Geschäftsprozesse der SAP-Kunden möglichst reibungsfrei, geschützt und sicher laufen. PDF Jun 2012 Deutsch
Sicheres Cloud Computing mit SAP Wer sich für Software as a Service (SaaS) entscheidet, gibt sensible Informationen und IT-Infrastrukturen in fremde Hände. Den sicheren Betrieb und Schutz übernimmt der Cloud-Anbieter. Umso wichtiger ist es, dessen Sicherheits- und Datenschutzverfahren genau unter die Lupe zu nehmen. Genau diese Frage adressiert das vorliegende Dokument. PDF Feb 2012 Deutsch
Secure Configuration of SAP NetWeaver Application Server Using ABAP The document provides an overview about the most important configuration activities that should be performed for the ABAP server of an SAP NetWeaver-based system. The general scope of this document is the protection of SAP ABAP systems from unauthorized access within the internal corporate network. For Internet scenarios additional security measures have to be considered and implemented. PDF Jan 2012 English
Protecting SAP Applications Against Common Attacks This paper explains the measures SAP strongly recommends that its customers apply to enhance the level of security with respect to certain common attack types. The corresponding chapters in this paper describe, in detail, vulnerabilities and the possibleexploit patterns and how to protect applications against them. Furthermore, it provides guidance on how to make custom-developed applications more secure. PDF Nov 2011
English