SAP Mobile Documents SP2Security Overview

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 2

Disclaimer

This presentation outlines our general product direction and should not be relied on in making apurchase decision. This presentation is not subject to your license agreement or any other agreementwith SAP. SAP has no obligation to pursue any course of business outlined in this presentation or todevelop or release any functionality mentioned in this presentation. This presentation and SAP'sstrategy and possible future developments are subject to change and may be changed by SAP at anytime for any reason without notice. This document is provided without a warranty of any kind, eitherexpress or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in thisdocument, except if such damages were caused by SAP intentionally or grossly negligent.

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 3

Mobile SecureA strong foundation makes mobile successful

Enterprise Integration

Devices

SAP Afaria

ApplicationsSAP Mobile App Protection

by Mocana

ContentSAP MobileDocuments

Enterprise Mobility Management System

SAP Mobile Secure

On-Premise Hybrid Cloud

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 4

SAP Mobile Documents

Access

Share Perform

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 5

SAP Mobile Documents - Security Aspects

Encrypt

Analyze Deploy

AuthenticateProtect

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 6

Deploy

Your data stored in the SAP cloudEasily collaborate with external partiesUse SAP Identity Service orintegrate existing identity management

Runtime on NetWeaver AS JavaYour data stored in-houseIntegrate your existing CMS systemsUse existing identity management

SAP HANA Cloud On-premise

My Documents in the cloudCorporate Documents on-premiseUse existing identity management

Hybrid

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 7

Authenticate

ClientMethod

WebUI IOS Android WindowsDesktop

MacOSDesktop

X.509 xx xx xx xx xx

SAML xx -- -- -- --

UserID/Password xx xx xx xx xx

Kerberos x -- -- -- --

X SAP HANA Cloud PlatformX SAP NetWeaver AS Java

OAuthpossible for custom clients in the SAP HANA Cloudplanned for on-premise

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 8

Encrypt – Data and Communication Channels

Data-at-restSynced contentNative clients: AES 256Desktop client: depends on OS capabilities

Cloud contentAES 128 and optional AES 256

On-Premise contentDepends on repository capabilities

Data-in-motionAll communication SSL encrypted

Native clients

Desktop client

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 9

Protect – Sharing

R

A

O

C

Sharing with team members

Allow access only to named users

Role-based user accessOwnerAdministratorContributorReader

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 10

Protect – Sharing

Sharing with external partiesShare copy of your document with apublic linkNo authentication necessarySet expiration dataSet passwordAdministrator can disable externalsharing

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 11

Protect – Client-Side Security Features

Mobile appsEnforce passcode for app according to the policy defined by the administratorDefine passcode strength (length and quality)Delete synced content from mobile device after defined number of wrong passcode entries

Web app for public sharing accessEnforce password for public links (optional)Define password strengthDefine maximum expiration timeFolder lock wait-time after incorrect password entries to defendagainst brute force attacksXSRF token to prevent cross-site request forgery

Web appXSRF token to prevent cross-site request forgery

Desktop clientDefine if local password storage is allowed. Passwordencrypted using operating system capabilities.

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 12

Protect – Security Policies

Enforce security policies

Clients enforce policies

Strictly confidentialConfidentialInternalPublic

OpenOpen InPrintCopy

RenameDeleteSendShare

Runtime sets theclassification for thedocuments.

OpenAdmin can ensurethat sensitive docsremain in thecontainer

Validate employeepermission to accessrepository

Permissions defined in the repository areenforced.

Repositories flagged with classification level.Administrator can disable client actions forthe classification levels.

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 13

Multi-tenant concept

Integrated virus scanner

SAP HANA Cloud ISO-27001 certified

Incident managementStandard incident management ISO-27001 certified

Back-up and restoreFull back-up once a dayIncremental back-ups every two hoursBackup- and restore processes comprise regular backups on redundant media

Choice of data center in Germany, USA and APJ (planned)

Protect – Your Data in the SAP HANA Cloud

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 14

Further information on how applications are secured in the SAP HANA Cloudhttps://help.hana.ondemand.com/help/frameset.htm?e80af38cbb57101495e2cd74c4

4af674.html

Further information on the SAP Datacenter securityhttp://www.sapdatacenter.com/

Protect – Further Information

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 15

Analyze

Various dashboards

Logons per day

Documents read per day

Documents updated per day

Traffic per day

Configurable timespan forviews

Detail view for each datapoint

Export RAW data to XML

© 2014 SAP AG or an SAP affiliate company. All rights reserved. 16

© 2014 SAP AG or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG or an SAP affiliate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG (or an SAP affiliatecompany) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials are provided by SAP AG or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP AG or itsaffiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP AG or SAP affiliate company products and servicesare those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting anadditional warranty.

In particular, SAP AG or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop orrelease any functionality mentioned therein. This document, or any related presentation, and SAP AG’s or its affiliated companies’ strategy and possible futuredevelopments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP AG or its affiliated companies at any time forany reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to placeundue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.