Security is a Continuous Process and Never Guaranteed
Over the years there has been an evolution of SAP enterprise resource planning (ERP) technologies, and one of the biggest outcomes has been the shift from on-premise to cloud hosted solutions. But change is often met with resistance, and the concept of the cloud is no different. Regulated organizations can be hesitant to shift their processes to the cloud, because on-premise infrastructure has historically given the impression of enhanced control and security. When an organization has their solution located on-premise or on-site, they can see, touch, and control all aspects of it.
As we push towards a more abstracted, service-oriented, and virtual world, the physical security controls and overhead needed to maintain and scale on-premise infrastructure has become untenable. Organizations are now seeking a secure way to inherit the security controls of on-premise infrastructure while improving the design and automation of their services.
That’s where SAP NS2 comes in. We secure your transition to the cloud through SAP’s innovative technology, our stringent security controls, and our deployment model to abstract as much as possible and allow our customers to focus on implementation and use.
Modernization of Security and Services
SAP S/4HANA Cloud deployed through SAP NS2 has become a trusted, secure ERP solution that addresses scalability, cost, and data processing in a software-as-a-service delivery model. By
combining the innovation of SAP S/4HANA Cloud with our security expertise, our regulated customers can safely transform their operations to the cloud.
We’ve made this possible by building secure cloud environments dedicated to supporting the customers we serve. Each of these environments are built to the security standards required by
their respective industry:
- An Environment for the Commercial Regulated:
✓ Dedicated to: Aerospace & Defense, Financial Services, Higher Education,
Utilities, Manufacturing, Information Technology
✓ Adheres to: NIST 800-53, ITAR, FedRAMP® Moderate Controls, DFARS 252.204-
7012 Compliance - An Environment for the Federal Government:
✓ Dedicated to: Federal Civilian, State, Education & Local
✓ Adheres to: NIST 800-53, ITAR, FedRAMP® Moderate, DOD SRG Impact level 2
(IL2) - An Environment for the Armed Forces:
✓ Dedicated to: Defense & Military Agencies
✓ Adheres to: NIST 800-53, FedRAMP® Moderate, DOD SRG Impact Level 4 (IL4)
This means that, even in the cloud, data is secured and the customer remains in control. Our security model consists of regional cloud deployments, restricted landscape management, and adherence to local laws and legislation. We protect our environments with vulnerability scanning, intrusion detection, and continuous monitoring to ensure solutions stay protected under an automated, all-encompassing security model. By implementing these practices into our secure cloud strategy, we give regulated customers the power to adopt new SAP innovations and accelerate their business operations.
Infrastructure and Data Security
You might be asking yourself, where do operations and data live when I shift my business to the cloud? At SAP NS2, our partnership with well-established cloud infrastructure providers offers
full transparency into where solutions are deployed. Our providers have a wide availability of infrastructure across several different regulated regions, and this enables us to determine the
best cloud provider for each specific use case.
In alignment with our secure cloud environments, the underlying infrastructure providers also comply with FedRAMP® High, International Traffic in Arms Regulations (ITAR), and Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) for Impact Levels 2, 4, and 5.
This combination gives aerospace & defense, federal civilian, government, and defense agencies the ability to adhere to the regulations put in place by their industries and the United
States (US) government. And even more importantly, our customers are protected through data and operational residency practices. They can be rest assured that their data remains stored within their respective location and is supported by US based, credentialed resources.
Development and Deployment Models
We work every day to expand solution availability across supported cloud infrastructure providers, research security tooling that compliments SAP solutions, and discover new ways to
protect regulated data within the cloud. We challenge our partners to think differently, we advocate for transparent and modern security, and we actively use our time and energy to help
the larger open source and commercial communities. Our security model extends into development and engineering with infrastructure-as-code (IAC) which is maintainable, idempotent, and constantly enforced.
One of our core tenants is that when we do security properly, we will almost always exceed the security compliance requirements and our designs will be all the more resilient. This is how our SAP NS2 cloud portfolio enables innovation and provides our customers with the necessary cloud capabilities, all in a secure manner so that you can sleep a bit easier at night.
