Updated: May 2017
Includes: Online access as well as PDF, ePub, and Mobi download files
This book focuses on security topics associated with cloud computing within the SAP space and provides readers with detailed knowledge, expert guidance and best practices to minimize risk and ensure mission-critical systems and data remain secure at all times.
- Security standards
- Network security
- Infrastructure security
- Virtual machine security
- Equipment redundancy
- ID management
- Single sign-on
- Risk assessments
- Destruction of media and hardware
... and much more!
Table of Contents:
Chapter 1: On Premise vs. The Cloud
Before we get into what goes into cloud security, we need to have a basic understanding of what a cloud deployment means to your IT environment. We’ll talk about the types of clouds and the layers of cloud computing that you can use, then finish with a discussion of what an SAP system can look like in a cloud environment and some of the threats that the system can face.
Chapter 2: Risk Management and Security Standards
In this chapter, we’ll provide an overview of both risk management techniques and security standards. Risk management will give you a context in which to understand the threat landscape that a cloud environment faces. Later chapters will build on the ideas we present here so that with every aspect of a cloud environment—the network, the hardware, the user controls—you’ll be able to understand whether a cloud provider’s standard setup meets your business needs or if you need to add security controls to its offering. After that, we’ll talk about security standards that your provider can certify to in order to prove that its cloud environment is secure. We’ll cover the major ones—SOC and ISO—in depth while touching on some minor standards. Finally, we’ll discuss some of the regulations that may apply to your data in a cloud environment.
Chapter 3: Physical Security
Here we start talking about the actual threats a data center will face and the security controls it can implement to lower its risk. This chapter covers the physical servers, network cables, and buildings that make cloud computing possible. We discuss how data centers prevent damage that would interrupt your service and unauthorized access that could compromise your data. You'll come away with knowledge about how data centers should work, the questions you should ask, and how you can secure your own premises so your access points are as secure as your cloud environment.
Chapter 4: Network Security
We'll run through the threats that a networked environment like a cloud faces and the countermeasures a provider can take to stop them. The chapter will cover things like firewalls, VLANs, VPN, and more, as well as cover how an SAP system looks in a networked environment. You'll come away with a glimpse of how a cloud provider can organize their network defense to protect your data, as well as the range of additional options that you have to protect your connection to that data.
Chapter 5: Hypervisor Security
This chapter introduces hypervisors and virtualization, the core technologies that make cloud computing possible. We'll go deep into how virtualization works and how it protects your virtual machines and allocates computing resources. But we'll also touch on the security challenges and how providers are rising to meet those challenges. By the end, you'll have a good understanding of what virtualization means and how it protects your data. You'll understand the extra features you can look for in a hypervisor to increase your security profile and how you can configure your SAP system to make efficient use of flexible resources.
Chapter 6: Encryption
This chapter details how encryption protects your data, both while sitting idle on a drive and while travelling over networks. We'll cover the technologies around encryption and how you can enable them in your SAP system. You'll come away with an understanding of the importance of encryption and proper key management, as well as the ways that encryption can go wrong.
Chapter 7: User Access Controls
In this chapter, we talk about how SAP manages users and roles and how that prevents even the best-intentioned users from making a mess of things. We discuss how to separate your user roles to prevent mishandled data and how to ensure individual user security. This chapter is the heaviest in SAP details, so you should come away from it knowing how to create your users and roles and how to make sure those credentials stay secure.
Chapter 8: Software Updates
This chapter covers the importance of software updates. It may seem like a boring topic, but keeping software up to date is essential to good security. We also talk about how a provider can implement updates without interrupting your service. You'll understand how those updates have prevented issues in the past and where to look for new SAP notes, which detail fixes. You should be able to ask intelligent questions about your provider's update policy to make sure it's as aggressive as you need it to be.
Chapter 9: Data Destruction
This chapter covers what a provider can do with hardware at the end of its lifespan. That hardware may still have retrievable data on it, so it's important to understand what options your provider has to protect it. We cover some standard techniques, including US Department of Defense policy. You should be able to ask the right questions of your provider about what they do with old hardware, as well as take care to improve your own efforts.
Chapter 10: Information Security Management
This chapter talks about how you and your provider can manage the cloud environment and how to understand the division of responsibilities between you and your provider. This includes the difference between a bare metal server and a managed environment, as well as how to secure any management interfaces. You'll know what managing a cloud environment takes so you can decide whether you want to do it yourself or leave it to the provider.
Chapter 11: Risk Management
We expand on the discussion of risk in Chapter 2 to cover how you can incorporate an understanding of your security risks, and the management of them, in a cloud environment. We talk about identifying threats, assessing and testing for vulnerabilities, and the best practices around this process. You should be able to take the ideas here and assess your own risks, as well as the risks of any potential cloud providers.
Chapter 12: Complementary Services
This chapter covers how to secure additional third-party services that you use in conjunction with your SAP system.