Security Whitepapers

Security Whitepapers

To help you increase the security of your SAP systems, SAP provides you with Security Whitepapers. The objective of this series is to give you concise, easy-to-understand and easy-to-implement information on how to improve the security of your IT systems. The series covers various aspects of security including recommendations for system configuration as well as guidance and support for the implementation of SAP security fixes. 

Title Description Download Date
SAP Cloud Platform Services in GxP Discover how SAP helps enterprises in the life sciences industry address the challenges of integrating and extending processes while paying careful attention to industry and government regulations. Find out how SAP Cloud Platform and its built-in services can help you create 21st-century applications to hone your competitive edge.       PDF Oct 2019     English
SAP HANA 2.0 SPS03 Security Whitepaper This whitepaper gives IT security experts an overview of what they need to understand about SAP HANA in order to comply with security-relevant regulations and policies and to protect their SAP HANA implementation and the data within from unauthorized access.        PDF May 2018      English

SAP Cloud Platform Security: Trust Matters

This document provides you with an understanding of our comprehensive approach to security in SAP Cloud Platform. Beyond this, the document gives an overview of the available security services in SAP Cloud Platform and of their functional capabilities.  PDF May 2017 English
SAP's Standards, Processes, and Guidelines for Protecting Data and Information This document describes how SAP helps to ensure that the software systems, information, and data of its customers are fully protected. PDF Aug 2016 English
SAP HANA SP12 Security Whitepaper This whitepaper gives IT security experts a starting point and overview of what they need to understand about SAP HANA in order to comply with security-relevant regulations and policies, and to protect their SAP HANA implementation and the data within from unauthorized access. PDF May 2016
The Secure Software Development Lifecycle at SAP SAP addresses security in all phases of the software development lifecycle for security to be effective. Consequently, SAP has implemented a secure software development lifecycle (secure SDL), providing a framework for training, tools, and processes. The official ISO/IEC 27034 standard provides the guidelines for SAP to shape the secure SDL. In addition, SAP's approach to product security aims at measures that enable early identification of vulnerabilities and attacks as well as mature processes and an organizational setup to manage security incidents and react to emergencies.


Mar 2016 English
Managing Security with SAP Solution Manager Explore the various aspects of building, setting up, and operating a secure system landscape and the ways in which SAP Solution Manager supports these tasks as an IT services and operations management tool. PDF Jun 2015 English
SAP Security Recommendations: Securing Remote Function Calls (RFC) SAP reviewed and improved the security controls used by Remote Function Calls (RFC). RFC is an SAP-proprietary communication protocol. Most SAP customers run business-critical system communication using RFC technology. Keeping business data that is processed via RFC secure is as important to SAP and its customers as ensuring uninterrupted business operations. PDF Nov 2014 English
Security Services von SAP Active Global Support Mit einer globalen Support-Organisation unterstützt SAP seine Kunden dabei, die Qualität und Zuverlässigkeit ihrer Anwendungen sicherzustellen - und zwar über den gesamten Lebenszyklus hinweg. Mehr als 2.000 Service- und Support-Mitarbeiter in über 40 Ländern sorgen bei SAP Active Global Support dafür, dass die unternehmerischen Geschäftsprozesse der SAP-Kunden möglichst reibungsfrei, geschützt und sicher laufen. PDF Jun 2012 Deutsch
Sicheres Cloud Computing mit SAP Wer sich für Software as a Service (SaaS) entscheidet, gibt sensible Informationen und IT-Infrastrukturen in fremde Hände. Den sicheren Betrieb und Schutz übernimmt der Cloud-Anbieter. Umso wichtiger ist es, dessen Sicherheits- und Datenschutzverfahren genau unter die Lupe zu nehmen. Genau diese Frage adressiert das vorliegende Dokument. PDF Feb 2012 Deutsch
Secure Configuration of SAP NetWeaver Application Server Using ABAP The document provides an overview about the most important configuration activities that should be performed for the ABAP server of an SAP NetWeaver-based system. The general scope of this document is the protection of SAP ABAP systems from unauthorized access within the internal corporate network. For Internet scenarios additional security measures have to be considered and implemented. PDF Jan 2012 English
Protecting SAP Applications Against Common Attacks This paper explains the measures SAP strongly recommends that its customers apply to enhance the level of security with respect to certain common attack types. The paper describes, in detail, vulnerabilities and the possible exploit patterns and how to protect applications against them. Furthermore, it provides guidance on how to make custom-developed applications more secure. PDF Nov 2011