Skip to Content

SAP Security, Data Protection, and Privacy

At SAP, information security is paramount. We have an excellent track record of safeguarding businesses against the evolving IT threat landscape. You can rest assured that your mission-critical data is well-protected from all types of attacks – whether you store it on-premise or on the SAP Cloud. Take advantage of robust data and IT security, built-in application security, cloud security, and more.

Get an executive overview of Security at SAP

Explore the world of SAP security, data protection, and privacy

Previous

Security Response

SAP is committed to identifying and addressing every security issue in SAP software and cloud solutions from SAP. Collaborating closely with security research companies and experts worldwide helps SAP identify the security issues early to keep SAP software and cloud solutions secure.

IT Security

Securing a technological environment requires profound attention to people, processes, and technology. Read how you can innovate and operate confidently, knowing that your critical systems have security built into them from the start.

Next

Processor-based vulnerabilities

At the beginning of 2018, with Spectre (and Meltdown), a new class of vulnerabilities was published. In the following months, new variants have been discovered and published under the same pseudonym. Ongoing research and publication of new vulnerabilities and attacks suggest that the topic will continue to be relevant in the future. The common denominator of these vulnerabilities is that they are mostly caused by the architectural (hardware) design of the CPU that affects nearly every computer chip manufactured in the last 20 years. These vulnerabilities could, if exploited, allow attackers to gain access to data previously considered protected. Possible attacks are called side-channel attacks, in which the execution speed (timing) of certain operations could allow the removal of memory contents that are normally not accessible. From a security perspective, concerns include the breaking of boundaries within virtualized environments.
 
 

How is SAP affected?

AP thoroughly investigates the impact of these vulnerabilities and is closely aligning with corresponding vendors, providers, and the Open Source community. SAP works on investigating if, where, and how our platforms, databases, applications, and cloud operations are affected. 

SAP is taking a proactive approach and is fixing potential flaws derived from hardware side-channel attacks without undue delay. You can find more information on our patching progress for our Cloud environments here (registration required). As a consumer of  affected software and hardware, we largely depend on the availability of patches provided by respective vendors, providers, or the Open Source community. The schedule of  applying appropriate patches is, to a large extent, determined by their availability.

Recommendation to customers

SAP recommends that all customers carefully monitor and follow the advice on implementing security patches provided by hardware and operating system providers as soon as they become available. SAP will apply fixes to its cloud infrastructure without undue delay. SAP Global Security is constantly monitoring the situation.
 
 

Vulnerability variants

Each variant was given its own CVE number (updated August 14, 2018):

Each of these vulnerability variants may be exploited to read confidential data such as CPU or kernel memory. The level of criticality and potential for exploitation differs between each of the variants.

Further vendor information about before mentioned security vulnerabilities, resources and responses:

Please note that SAP is not liable for any content on these external sites.

 

Our customers expect ironclad information security for their on-premise, cloud, and mobile environments. For this reason, we work continuously to strengthen and improve security features in all of our software and service offerings as well as to protect our own company and assets.
 
Learn more about Security and Privacy in our 2017 Integrated Report
 
Security Recommendations: A Practical Guide for Securing SAP Solutions

Business Continuity

SAP responds and adapts rapidly to threats posed against our workforce and our business in order to minimize the impact on our operations.We follow a resource-based and all-hazard planning approach which enables us to handle all types of known and unknown disruptive incident situations.

Cyber Crime Protection

Cyber crime is a persistent and growing challenge in today’s digital economy. We have proactive, preventative and analytic controls that measure threat & vulnerability detection, continuous security monitoring, and 24*7 security response management for protection inside and outside the company.

Data Protection

SAP adheres to a global data protection policy that is not only designed to secure the privacy rights of employees, customers, prospects, and partners – but also of anyone whose data is processed by SAP and falls within the legal parameters of SAP or our customers.  

Governance, Risk, and Compliance

As a global company, SAP is exposed to a broad range of risks across our business operations. To ensure that our global risk management efforts are effective while also enabling us to aggregate risks and report on them transparently, we have adopted an integrated risk management and internal control approach.

Security Validation

Perform independent final security assessments on SAP and partner solution from a customer’s point of view and assess product security quality and integration aspects of security under real-world conditions.

Secure Cloud

Why is SAP’s cloud security among the very best in the industry? Because we build security into every layer of our cloud offerings and work continuously to stay ahead of the latest threats. Learn more in the SAP Cloud Trust Center and view live your personalized cloud services status.

Platform Security

Protect your data by meeting ever-increasing cybersecurity challenges, securing systems, and adhering to compliance and regulatory needs. Determine how breakthrough technologies are driving major trends.

Security Source Code Scanning

Prevention is better than cure. At SAP, automated source code scans help to detect and eliminate security flaws at an early stage in the development cycle. Customers can use the same source code scan tools as SAP to make their own software developments more secure.

Security Research

SAP Security Research is a security thought leader at SAP and constantly transforms SAP by improving security.We do cutting-edge scientific research on security and look for ways to apply it at SAP.SAP development and operation processes benefit from our research results, as SAP products do.

Security Products

Our processes, guidelines, tools, and training help keep security integral to product architecture, design, and implementation. SAP ensures that its software is not only secure but also has all aspects of security theory by incorporating security into its applications delivering the ultimate protection of content and transactions.

Previous

Identity and Access Management 

Safeguard your company's information assets with identity and access management and security compliance. Learn how to manage business continuity and minimize cost and risk with an approach to identity and access management that drives security compliance.

Real-Time Security Intelligence

Protecting your connected business systems with reliable cybersecurity monitoring. Learn how to enables real-time security intelligence (RTSI) to help effectively manage your systems’ vulnerability to external and internal cybersecurity threats and help ensure data loss prevention (DLP).

Application and IT Infrastructure Security

Help protect business information and better safeguard enterprise operations by strengthening application and IT infrastructure security. Learn about SAP software products that can safeguard operations with application and IT infrastructure security.

Next
Back to top