Post on 14-Feb-2018
PUBLIC
SAP Asset Intelligence Network 1603
Document Version: 1.0 – March 18, 2016
SAP Asset Intelligence Security Guide
Content
1 Introduction
1.1 Overview of the Main Sections
2 Before You Start
3 Security Aspects of Data, Data Flow and Processes
4 User Administration and Authentication
5 Data Storage Security
6 Other Security-Relevant Information
PUBLIC © 2016 SAP SE or an SAP affiliate company. All rights reserved.
1 Introduction
The Security Guide provides an overview of the security-relevant information that applies to SAP Asset Intelligence Network from a System Administrator perspective.
Note: This guide does not replace the administration or operation guides that are available for productive operations.
Target Audience
System Administrators
This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.
Why Is Security Necessary?
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system should not result in loss of information or processing time. These demands on security apply likewise to SAP Asset Intelligence Network. To assist you in securing the SAP Asset Intelligence Network, we provide this Security Guide.
1.1 Overview of the Main Sections
The Security Guide comprises the following main sections:
● Before You Start
  This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.
● Security Aspects of Data, Data Flow and Processes
  This section provides an overview of security aspects involved throughout the most widely-used processes within SAP Asset Intelligence Network.
● User Administration and Authentication
  This section provides an overview of the following user administration and authentication aspects:
  ○ Recommended tools to use for user management
  ○ Standard users that are delivered with SAP Asset Intelligence Network
  ○ Overview of how integration into Single Sign-On environments is possible
● Data Storage Security
  This section provides an overview of any critical data that is used by the SAP Asset Intelligence Network and the security mechanisms that apply.
● Data Protection
  This section provides information about how SAP Asset Intelligence Network protects personal or sensitive data.
2 Before You Start
SAP Asset Intelligence Network is built on top of SAP HANA Cloud Platform (HCP) using SAP UI5 as user interface technology as well as SAP ID Service as Identity and Access Management solution.
Table 1: Fundamental Security Information

| Security-Related Material | Description |
|---|---|
| SAP HANA Cloud Solution Brief | SAP HANA Cloud Solution Overview |
| SAP Data Center | Data center home page with focus on security and certification |
| SAP Security Certificates | General SAP IT Security Certifications |
For a complete list of the available SAP Security Guides, see SAP Service Marketplace at http://service.sap.com/securityguide
Additional Information
For more information about specific topics, see the Quick Links as shown in the table below.
Table 2:

| Content | Quick Link on SAP Service Marketplace or SCN |
|---|---|
| Security | http://scn.sap.com/community/security |
| Security Guides | http://service.sap.com/securityguide |
| Related SAP Notes | http://service.sap.com/notes, http://service.sap.com/securitynotes |
| Released platforms | http://service.sap.com/pam |
| Network security | http://service.sap.com/securityguide |
| SAP Solution Manager | http://service.sap.com/solutionmanager |
| SAP NetWeaver | http://scn.sap.com/community/netweaver |
3 Security Aspects of Data, Data Flow and Processes
The following general security measures are in place, and are applicable to all scenarios:
● Encrypted connection through HTTPS
● User and role mapping with functional restrictions
● Access control lists limiting access to data only to permitted roles, companies and users
The table below shows, for each process step, the security aspect to consider and the mechanism that applies.
Table 3:

| Step | Description | Security Measure |
|---|---|---|
| User authentication | The user logs on to the system. | Authentication process based on SAML 2.0 Standard takes place. Access credentials are not stored on site. Invalid session IDs and cookies are intercepted. |
| Document upload | Users can upload documents, including Microsoft Excel files, images, VDS files etc. | Virus scanning is in place for all uploaded documents. MIME Type check in place to prevent malicious uploads. |
| User administrative tasks | Administrators can add and remove user accounts, and change the role assignments of user accounts | Division of responsibilities ensures that only company Administrators can carry out the listed user administrative tasks. |
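
An added illustration of the MIME type check listed for document upload; this is not SAP's code, and the allow-list, function names and sample bytes are assumptions. It accepts a file only when the declared Content-Type is allow-listed and agrees with the type implied by the file's leading bytes.

```javascript
// Added example: server-side MIME check for uploads. Not SAP's implementation.
// The allow-list and every name below are assumptions made for illustration.
'use strict';

// Leading-byte signatures for the upload types this sketch accepts.
const SIGNATURES = [
  { mime: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { mime: 'application/pdf', bytes: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // "%PDF-"
  // .xlsx is a ZIP container, so this signature matches any ZIP archive;
  // legacy .xls is an OLE2 compound file.
  { mime: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    bytes: [0x50, 0x4b, 0x03, 0x04] },
  { mime: 'application/vnd.ms-excel',
    bytes: [0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1] },
];

// Return the MIME type implied by the content, or null if unrecognised.
function sniffMime(buf) {
  for (const sig of SIGNATURES) {
    if (buf.length >= sig.bytes.length &&
        sig.bytes.every((b, i) => buf[i] === b)) {
      return sig.mime;
    }
  }
  return null;
}

// Accept only if the declared type is allow-listed AND matches the bytes.
// The client-supplied Content-Type header is never trusted on its own.
function checkUpload(declaredMime, buf) {
  const declared = String(declaredMime).split(';')[0].trim().toLowerCase();
  if (!SIGNATURES.some((s) => s.mime === declared)) {
    return { ok: false, reason: 'type not allowed' };
  }
  const sniffed = sniffMime(buf);
  if (sniffed === null) return { ok: false, reason: 'unrecognised content' };
  if (sniffed !== declared) {
    return { ok: false, reason: 'declared type does not match content' };
  }
  return { ok: true, reason: 'accepted' };
}

// Constructed sample inputs: a PNG header, and an executable-style header
// ("MZ") uploaded with an image Content-Type.
const samplePng = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0]);
const renamedExe = Buffer.from([0x4d, 0x5a, 0x90, 0x00]);
console.log(checkUpload('image/png', samplePng));
console.log(checkUpload('image/png', renamedExe));
```

A signature check of this kind complements the virus scan rather than replacing it, since a file with a valid header can still carry malicious content.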
4 User Administration and Authentication
SAP Asset Intelligence Network uses the authentication mechanisms provided by SAP ID Service. The user management itself is specific to SAP Asset Intelligence Network and does not rely on any external tools.
Information about user administration and authentication that specifically applies to SAP Asset Intelligence Network is provided in the following topics:
● User Management
  This topic lists the tools to use for user management in SAP Asset Intelligence Network.
● Integration into Single Sign-On Environment
  This topic describes how SAP Asset Intelligence Network supports Single Sign-On mechanisms.
User Management
User management for SAP Asset Intelligence Network uses the SAP HANA Cloud Platform together with SAP ID Service facilities.
For an overview of how these mechanisms apply to SAP Asset Intelligence Network, see the sections below.
User Administration Tools
SAP Asset Intelligence Network uses the user administration provided by the SAP HANA Cloud Platform to manage users. System Administrators can add, remove and edit users. They can also assign multiple predefined roles to users and revoke them.
SAP Asset Intelligence provides three predefined roles per application:
● READ
  Provides read authorizations to the selected user on the selected application.
● EDIT
  Provides read and write authorizations to the selected user on the selected application.
● DELETE
  Provides read, write and delete authorizations to the selected user on the selected application.
Integration into Single Sign-On Environments
SAP Asset Intelligence Network supports the Single Sign-On (SSO) mechanisms provided by SAP HANA Cloud Platform in conjunction with SAP ID Service. SAP Asset Intelligence Network also allows customer trust accounts to be integrated with SAP HANA Cloud Platform to facilitate SSO using their own trust system.
5 Data Storage Security
SAP Asset Intelligence Network saves data in a dedicated database provided by SAP HANA Cloud Platform. Access to the database comes preconfigured with the infrastructure environment.
The database contains personal data (user profiles and company profiles), operational business data, and preferences and configurations. Information is updated continuously upon change.
Documents, such as media files and PDFs, are stored in the SAP HANA Cloud document management system.
Data Protection
SAP Asset Intelligence Network complies with data privacy and protection regulations. SAP Asset Intelligence Network supports the following functionality:
● Helps customers delete personal data stored on the network using the user management application.
● Supports sharing the personal data of a person whose details have been stored on SAP AIN when the user requests it.
● Maintains audit trail information such as the name of the person who changed the personal data, and the time and date the data was changed or deleted.
6 Other Security-Relevant Information
SAP Asset Intelligence Network is an SAP UI5-based application, and as such makes use of HTML5 and JavaScript. Active content (at least HTML5 and JavaScript) has to be enabled. This is mandatory, as Asset Intelligence will not work without it.
Session Security Protection
SAP Asset Intelligence Network is restricted to operating with Secure Socket Layer (SSL) and activated cookie handling in the browser only.
Security Lifecycle Management
SAP Asset Intelligence Network is hosted and operated by SAP. The Cloud Operations, Business Operations, and Development Team continuously monitor security-relevant issues and keep the system and software up to date.
Important Disclaimers and Legal Information
Coding Samples
Any software coding and/or code lines / strings ("Code") included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, unless damages were caused by SAP intentionally or by SAP's gross negligence.
Accessibility
The information contained in the SAP documentation represents SAP's current view of accessibility criteria as of the date of publication; it is in no way intended to be a binding guideline on how to ensure accessibility of software products. SAP in particular disclaims any liability in relation to this document. This disclaimer, however, does not apply in cases of wilful misconduct or gross negligence of SAP. Furthermore, this document does not result in any direct or indirect contractual obligations of SAP.
Gender-Neutral Language
As far as possible, SAP documentation is gender neutral. Depending on the context, the reader is addressed directly with "you", or a gender-neutral noun (such as "sales person" or "working days") is used. If when referring to members of both sexes, however, the third-person singular cannot be avoided or a gender-neutral noun does not exist, SAP reserves the right to use the masculine form of the noun and pronoun. This is to ensure that the documentation remains comprehensible.
Internet Hyperlinks
The SAP documentation may contain hyperlinks to the Internet. These hyperlinks are intended to serve as a hint about where to find related information. SAP does not warrant the availability and correctness of this related information or the ability of this information to serve a particular purpose. SAP shall not be liable for any damages caused by the use of related information unless damages have been caused by SAP's gross negligence or willful misconduct. All links are categorized for transparency (see: http://help.sap.com/disclaimer).
go.sap.com/registration/contact.html
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.
Please see http://www.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.