sap mobile documents sp2 security overview
TRANSCRIPT
SAP Mobile Documents SP2Security Overview
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 2
Disclaimer
This presentation outlines our general product direction and should not be relied on in making apurchase decision. This presentation is not subject to your license agreement or any other agreementwith SAP. SAP has no obligation to pursue any course of business outlined in this presentation or todevelop or release any functionality mentioned in this presentation. This presentation and SAP'sstrategy and possible future developments are subject to change and may be changed by SAP at anytime for any reason without notice. This document is provided without a warranty of any kind, eitherexpress or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in thisdocument, except if such damages were caused by SAP intentionally or grossly negligent.
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 3
Mobile SecureA strong foundation makes mobile successful
Enterprise Integration
Devices
SAP Afaria
ApplicationsSAP Mobile App Protection
by Mocana
ContentSAP MobileDocuments
Enterprise Mobility Management System
SAP Mobile Secure
On-Premise Hybrid Cloud
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 4
SAP Mobile Documents
Access
Share Perform
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 5
SAP Mobile Documents - Security Aspects
Encrypt
Analyze Deploy
AuthenticateProtect
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 6
Deploy
Your data stored in the SAP cloudEasily collaborate with external partiesUse SAP Identity Service orintegrate existing identity management
Runtime on NetWeaver AS JavaYour data stored in-houseIntegrate your existing CMS systemsUse existing identity management
SAP HANA Cloud On-premise
My Documents in the cloudCorporate Documents on-premiseUse existing identity management
Hybrid
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 7
Authenticate
ClientMethod
WebUI IOS Android WindowsDesktop
MacOSDesktop
X.509 xx xx xx xx xx
SAML xx -- -- -- --
UserID/Password xx xx xx xx xx
Kerberos x -- -- -- --
X SAP HANA Cloud PlatformX SAP NetWeaver AS Java
OAuthpossible for custom clients in the SAP HANA Cloudplanned for on-premise
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 8
Encrypt – Data and Communication Channels
Data-at-restSynced contentNative clients: AES 256Desktop client: depends on OS capabilities
Cloud contentAES 128 and optional AES 256
On-Premise contentDepends on repository capabilities
Data-in-motionAll communication SSL encrypted
Native clients
Desktop client
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 9
Protect – Sharing
R
A
O
C
Sharing with team members
Allow access only to named users
Role-based user accessOwnerAdministratorContributorReader
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 10
Protect – Sharing
Sharing with external partiesShare copy of your document with apublic linkNo authentication necessarySet expiration dataSet passwordAdministrator can disable externalsharing
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 11
Protect – Client-Side Security Features
Mobile appsEnforce passcode for app according to the policy defined by the administratorDefine passcode strength (length and quality)Delete synced content from mobile device after defined number of wrong passcode entries
Web app for public sharing accessEnforce password for public links (optional)Define password strengthDefine maximum expiration timeFolder lock wait-time after incorrect password entries to defendagainst brute force attacksXSRF token to prevent cross-site request forgery
Web appXSRF token to prevent cross-site request forgery
Desktop clientDefine if local password storage is allowed. Passwordencrypted using operating system capabilities.
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 12
Protect – Security Policies
Enforce security policies
Clients enforce policies
Strictly confidentialConfidentialInternalPublic
OpenOpen InPrintCopy
RenameDeleteSendShare
Runtime sets theclassification for thedocuments.
OpenAdmin can ensurethat sensitive docsremain in thecontainer
Validate employeepermission to accessrepository
Permissions defined in the repository areenforced.
Repositories flagged with classification level.Administrator can disable client actions forthe classification levels.
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 13
Multi-tenant concept
Integrated virus scanner
SAP HANA Cloud ISO-27001 certified
Incident managementStandard incident management ISO-27001 certified
Back-up and restoreFull back-up once a dayIncremental back-ups every two hoursBackup- and restore processes comprise regular backups on redundant media
Choice of data center in Germany, USA and APJ (planned)
Protect – Your Data in the SAP HANA Cloud
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 14
Further information on how applications are secured in the SAP HANA Cloudhttps://help.hana.ondemand.com/help/frameset.htm?e80af38cbb57101495e2cd74c4
4af674.html
Further information on the SAP Datacenter securityhttp://www.sapdatacenter.com/
Protect – Further Information
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 15
Analyze
Various dashboards
Logons per day
Documents read per day
Documents updated per day
Traffic per day
Configurable timespan forviews
Detail view for each datapoint
Export RAW data to XML
© 2014 SAP AG or an SAP affiliate company. All rights reserved. 16
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG (or an SAP affiliatecompany) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP AG or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP AG or itsaffiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP AG or SAP affiliate company products and servicesare those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting anadditional warranty.
In particular, SAP AG or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop orrelease any functionality mentioned therein. This document, or any related presentation, and SAP AG’s or its affiliated companies’ strategy and possible futuredevelopments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP AG or its affiliated companies at any time forany reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to placeundue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.