1 Introduction

The Cloud provides a way of obtaining IT services that offers many benefits including increased flexibility as well as reduced cost. One of the primar ...

2 Product Description

This section provides an overview of SAP HANA Enterprise Cloud (HEC) together with an assessment of the security and assurance provided in respect of ...

2.1 Overview

SAP is a world leader in enterprise applications and, based on market capitalization, SAP is the world’s third largest independent software manufact ...

2.1.1 Security Architecture

The fundamental security architecture of the HEC infrastructure follows the principle of a private cloud. This means that the customer receives an iso ...

The key features of this architecture are:

• Each HEC customer receives their own isolated landscape that is fully integrated into the customer’s ...

2.1.2 Division of Responsibilities

The responsibilities for the various aspects of service delivery, management and security are clearly defined by SAP. In outline SAP is responsible f ...

2.2 Critical Risk Security and Assurance

This section describes our assessment of the security and assurance provided by SAP Hana Enterprise Cloud services against the five previously defined ...

2.2.1 Compliance

The strongest assurance that a CSP can provide is independent certification and attestation of the service that they provide.

All SAP Hana Enterpr ...

Note that ISAE3402 attestation report types have the following meaning:

• Type i: provides a report of procedures / controls an organization has put ...

2.2.2 Cyber Security

The end-to-end security of the HEC is shared between SAP and the customer. SAP is responsible for the security of those components over which it has l ...

• Cloud Platform Security: The HEC environment is designed, built, and operated to provide high levels of infrastructure security and specifically op ...

2.2.3 Availability and Disaster Recovery

SAP Cloud Solutions and Customer Data are operated in a Tier Level III, III+ or IV classified Data Centre. SAP checks on site the compliance to the SA ...

The definition of the business continuity requirements for data centres is published in the standard ANSI/TIA-942² . This specifies 4 tier levels co ...

2.2.4 Legal Service Contract

The service is offered on a subscription that is negotiated with SAP. Most requirements can be met on demand but services that require very large appl ...

2.2.5 Lock-in

HEC is intended for customers running SAP applications. These applications while being widely used are non the less include proprietary interfaces and ...

3 Strengths and Challenges

SAP Hana Enterprise Cloud is ideally suited to organizations wishing to migrate their on-premise SAP business critical applications to the cloud. It o ...

4 Related Reasearch

Advisory Note: Security Organization, Governance, and the Cloud – 71151
Executive View: Cloud Standards Cross Reference – 71124
Scenario Report: Understanding Cloud Security – 70321
Advisory Note: Cloud Provider Assurance – 70586
Executive View: Cloud standards and advice jungle – 70641
Advisory Note: Selecting your cloud provider – 70742
Leadership Compass: Infrastructure as a Service - 70959
Executive View: Executive View: Using Certification for Cloud Provider Selection - 71308