Product Road Map
SAP Security Products
Gerlinde Zibulski, Director Security Product Management, SAP SE
September 2016
Customer
Template Revision: 20160104 v4.1
Legal disclaimer
The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the
permission of SAP. This presentation is not subject to your license agreement or any other service or subscription
agreement with SAP. SAP has no obligation to pursue any course of business outlined in this document or any related
presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation
and SAP's strategy and possible future developments, products and or platforms directions and functionality are all
subject to change and may be changed by SAP at any time for any reason without notice. The information in this
document is not a commitment, promise or legal obligation to deliver any material, code or functionality. This document
is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties
of merchantability, fitness for a particular purpose, or non-infringement. This document is for informational purposes
and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document,
except if such damages were caused by SAP´s willful misconduct or gross negligence.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ
materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements,
which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
3
SAP’s security products
Key trends and impacts in business and technology
Digital Technologies are Here to Stay
Digitization is changing the world by driving two main
things. Business agility and fully connected Value
Chain.
This is enabling businesses to be driven by technology.
Technology is creating the network and analytics to
develop products, services, and new business models.
The ability for all business processes being automated
and the digital connectedness of the entire value chain
creates huge agility.
Mobile
Hyper
Connectivity
In-Memory
Computing
Internet
of Things
Big Data
Machine
Learning
0010100
1110011
0011001
Cybersecurity
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
Social
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Cloud
Customer
6
SAP’s security products
Road map overview and major product updates
Security and Threat Intelligence:






SAP Enterprise Threat Detection
SAP Identity Management
SAP Single Sign-On
SAP HANA Cloud Platform, identity authentication service
SAP Code Vulnerability Analysis
SAP Fortify by HP
GRC portfolio:










SAP Access Control
SAP Cloud Identity Access Governance, access analysis service
SAP Process Control
SAP Audit Management
SAP Fraud Management
SAP Risk Management
SAP Identity Analytics
SAP Business Partner screening
SAP Global Trade Services
SAP Electronic Invoicing for Brazil
GRC Solution Extensions:
 SAP Access Management violation by Greenlight
 SAP Regulation Management by Greenlight (cyber
governance solution)
 SAP Dynamic Authorization Management by NextLabs
 SAP Technical Data Export Compliance application by
NextLabs
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
7
SAP security and GRC access governance portfolio
SAP Cloud
Application
s
SAP Cloud Identity Access Governance services
Manage access,
users and
compliance in the
cloud
identity
authentication
service
access
analysis
service
identity provisioning
service
S/4 HANA
SAP
Business
Suite
SAP Single
Sign-On
SAP Identity
Management
SAP Access
Control
SAP Enterprise
Threat Detection
Add-On for Code
Vulnerability
Analysis
Make it simple for users to do
what they are allowed to do
Know your users and what
they can do
Ensure corporate
compliance to
regulatory requirements
Counter possible threats and
identify attacks
Find and correct
vulnerabilities in customer
code
3rd Party
Systems
Platform Security
Make sure that SAP
solutions run securely
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
SAP HANA Cloud
Platform
SAP HANA
SAP NetWeaver
Application Server
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
8
SAP’s security products
Product road map overview – key themes and capabilities
Today
Secure and Simple Access
• SAP Single Sign-On 3.0
− Secure integration, TCO reduction and crypto
enhancements
•
•
SAP HANA Cloud Platform, identity authentication
service, formerly known as SAP Cloud Identity service
SAP Identity Management 8.0 SP3
Threat Intelligence and security vulnerabilities
• SAP Enterprise Threat Detection 1.0 SP4
• SAP NetWeaver Application Server, add-on for Code
Vulnerability Analyzer
Future Direction
Planned Innovations
Secure and Simple Access
• SAP SSO: Increased security and further reduction of
administration
• SAP IDM: cloud enablement by integrating with SAP
HCP, identity authentication service and ease of
implementation by new Rapid Deployment Solution
• SAP IDM: enhancement of integration with SAP GRC
Access Control and new integration with SAP Cloud
Identity Access Governance
• SAP HCP, identity authentication service: Enhancement
of authentication, user management and data center
security
• Planned new solution: SAP Cloud Identity Access
Governance: full cloud identity management including
provisioning to cloud applications
Secure and Simple Access
• Integration of SAP SSO with SAP ETD
• SAP SSO: Cloud and IoT extensions
• SAP IDM: Hybrid identity management and support for
SAP S/4 HANA
• SAP HCP, identity authentication service: X.509
authentication and more data centers globally
Threat Intelligence and security vulnerabilities
• SAP ETD: cloud delivery
• SAP NW AS, add-on for CVA: new checks, workflow and
quick fixes
Threat Intelligence and security vulnerabilities
• SAP ETD: Integration with further SAP logs
• SAP ETD: event and context integration, forensic lab
• SAP NW AS, add-on for CVA: new checks, reporting and
Eclipse integration
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
9
Topic Road Map
• Today
• Planned
• Future
SAP’s security products
Product road map overview – key themes and capabilities
Today
Secure and Simple Access
• SAP Single Sign-On 3.0
− Secure integration, TCO reduction and crypto
enhancements
•
•
SAP HANA Cloud Platform, identity authentication
service, formerly known as SAP Cloud Identity service
SAP Identity Management 8.0 SP3
Threat Intelligence and security vulnerabilities
• SAP Enterprise Threat Detection 1.0 SP4
• SAP NetWeaver Application Server, add-on for Code
Vulnerability Analyzer
Future Direction
Planned Innovations
Secure and Simple Access
• SAP SSO: Increased security and further reduction of
administration
• SAP IDM: cloud enablement by integrating with SAP
HCP, identity authentication service and ease of
implementation by new Rapid Deployment Solution
• SAP IDM: enhancement of integration with SAP GRC
Access Control and new integration with SAP Cloud
Identity Access Governance
• SAP HCP, identity authentication service: Enhancement
of authentication, user management and data center
security
• Planned new solution: SAP Cloud Identity Access
Governance: full cloud identity management including
provisioning to cloud applications
Secure and Simple Access
• Integration of SAP SSO with SAP ETD
• SAP SSO: Cloud and IoT extensions
• SAP IDM: Hybrid identity management and support for
SAP S/4 HANA
• SAP HCP, identity authentication service: X.509
authentication and more data centers globally
Threat Intelligence and security vulnerabilities
• SAP ETD: cloud delivery
• SAP NW AS, add-on for CVA: new checks, workflow and
quick fixes
Threat Intelligence and security vulnerabilities
• SAP ETD: Integration with further SAP logs
• SAP ETD: event and context integration, forensic lab
• SAP NW AS, add-on for CVA: new checks, reporting and
Eclipse integration
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
11
SAP HANA Cloud Platform
Security Overview
Run Secure





Secure data center
Protect data privacy
Transparency
Compliance
Secure your access
SAP HANA CLOUD PLATFORM
Develop Secure
SAP Data Center
© 2016 SAP SE or an SAP affiliate company. All rights reserved.






Leverage single sign-on
Protect your data
Secure your mobile and IoT scenarios
Securely integrate with your corporate user directory
Propagate the logged on user
Secure storage of confidential data
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
12
Run Secure
SAP Data Centers
ISO 27001 CERTIFIED
ISO 9001 CERTIFIED
GREEN IT CERTIFIED
SSAE16 TESTED
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
13
Run Secure
Compliance

Certified operations
1) 2)
ISO 27001
Certification for Information
Security Management Systems
1) 2)
SOC 1 / SSAE 16
Statement on Standards for Attestation
Engagements No. 16
2)
1) 2)
SOC 2
Service Organization Controls
Report (Attestation report)
ISO 22301
Certification for Business Continuity Management
Systems
Security Measures are audited and
confirmed through
various Certifications and Attestations
1) Certification for SAP HANA Cloud Platform
2) The same or equivalent certificates are valid at every data center where cloud solutions are run.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
14
SAP HANA Cloud Platform Security
Develop Secure
Simplify
Secure
Integrate
Single Sign-On
Your Apps & Data
Backend & Data Propagation
Authenticate and Single Sign-On
with existing IDPs, ensure easy
access to devices and applications
Secure app with proper
authentication, data encryption,
and protection at API level
Secure connection to on-premises
and cloud systems and principal
propagation to back-ends
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
15
Develop Secure
Secure Your Apps & Data
Secure app with proper
authentication, data
encryption, and
protection at API level
Get the right information and business processes into the
right hands on the right device at the right time
Store confidential data with password storage and protect
communication with data encryption and digital signature
Protect your API with OAuth and eliminate the security data
breaches with stolen user credentials
Owens-Illinois, the world’s leading glass packing manufacturer, uses SAP HANA
Cloud Platform to achieve cost effective and secure exchange of business-togovernment (B2G) e-invoices for legal and tax compliance in Peru.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
16
Develop Secure
Integrate Backend & Data Propagation
Secure connection
to on-premises and
cloud systems and
principal
propagation to
back-ends
Use HANA Cloud Connector to establishes secure tunnel
between SAP HANA Cloud Platform and on-premise systems
Support identity propagation with App2app SSO and
principal propagation to back-ends ensuring right data for right
users
Extension of on-promise and cloud applications to HANA
Cloud Platform are secure and rest assured
Accenture uses SAP HANA Cloud Platform to deliver its HR Audit and Compliance
as-a-service solution to help its clients complete accurate audit and compliance
reporting no matter where their data is hosted.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
17
Develop Secure
Simplify Single Sign-On & Federated IDP
Authenticate and
Single Sign-On with
existing IDPs, ensure
easy access to
devices and
applications
Simple and secure cloud-based access to data and applications
with HANA Cloud Platform, Identity Authentication Service
Identity Federation with existing IDPs reduce operation effort
and no persistence user information in HANA Cloud Platform
High security with Two-Factor Authentication add extra
layer of security to protect your high risk applications
ZS Associates uses SAP HANA Cloud Platform to extend the functionality of SAP
SuccessFactors Employee Central to have greater confidence in company data and
establish a strong foundation for analytics.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
18
SAP’s security products – SAP HCP, identity authentication service
Authentication and single sign-on in the cloud for the cloud
Today
SAP HANA Cloud Platform, identity authentication service provides a simple and secure access to IT applications and is
delivered as a service (SaaS, software-as-a-service) by SAP
Simple and secure access
 Web single sign-on for cloud and on-premise applications based on the open standard
SAML
 Support of SAP and 3rd party applications
 Secure on-premise integration to reuse an existing authentication system
 Optional two-factor authentication
User management
 Self services for password management and invitation
 Central user administration
Enterprise features
 Branding of user interfaces for seamless integration in customer developments
 Password policies
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
19
SAP’s security products – SAP Single Sign-On 3.0
Today
Secure and simple access
SAP Single Sign-On provides simple, secure access to IT applications for business users. It offers advanced security
capabilities to protect your company data and business applications.
Simple and secure access
 Single sign-on for native SAP clients and web applications
 Single sign-on for mobile devices
 Support for cloud and on-premise landscapes
Secure data communication
 Encryption of data communication for SAP GUI
 Digital signatures
 FIPS 140-2 certification of security functions
Advanced security capabilities




Two-factor authentication
Risk-based authentication using access policies
RFID-based authentication
Hardware security module support
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
21
SAP’s security products – SAP Identity Management 8.0 SP3
Today
One source of truth for your identity data
SAP Identity Management keeps users data secure and consistent and supports customers by implementing integrated identity
lifecycle scenarios with SAP‘s Cloud HR SuccessFactors or on-premise SAP HCM
Integrate business processes
 Integrate with SAP HCM and SAP SuccessFactors to automate user access provisioning
based on current business roles
 Ensure to build-in compliancy in the process by integration with SAP Access Control for
segregation of duty conflicts.
Improve productivity
 Self-service for end-users password reset
 Self-service for end-users access request
Improve security
 Reduce risk with centralized user identity management across SAP, non-SAP solutions
 Revoke automatically access when person leaves company or in case of internal move
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
22
SAP’s security products – SAP Enterprise Threat Detection
Today
Threat analysis and detection for business critical data
SAP Enterprise Threat Detection provides insight into suspicious activities throughout IT landscapes and enables
companies to identify security breaches as they occur. Thus, companies can react in time to neutralize threats and
prevent critical damage to their business. The solution detects internal and external attacks based on application event
information in combination with context data.
Real-time security monitoring






Gather events from a landscape of SAP and non-SAP systems
Evaluate attack detection patterns shipped by SAP and developed by customer or partners
Analyze events to derive profiles of ‘normal’ behavior, look for deviation from these profiles
Visualize events to gain new insights, develop new patterns
Raise alerts on suspected attacks and enable subsequent analysis and incident management
Gain an overview of the current threat situation
Leverage SAP knowledge
 SAP delivers best practices to detect cyber attacks on SAP systems
Manage big amounts of log data
 Leverage the SAP HANA platform to gather and process very large amounts of events
 Gain insight at unprecedented speed
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
23
SAP Enterprise Threat Detection as part of the Digital Board Room
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
24
SAP Enterprise Threat Detection as part of the Digital Board Room
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
25
SAP Enterprise Threat Detection as part of the Digital Board Room
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
26
SAP’s security products – SAP NetWeaver AS, add-on for CVA
Today
Product description
In order to break an application, a single flaw in any of its components/functions or the infrastructure may
be enough. SAP NetWeaver Application Server (AS), add-on for code vulnerability analysis helps you to
identify potential weaknesses in your application early in the development process to avoid this risk.
Efficient scan technology
 Reduced false-positive rate by dataflow analysis
 Direct integration into the SAP system
Improved developer experience




Integral part of SAP development UIs
Detailed help and explanations to all errors
Assistance to find the right location for the fix
Approval workflows for handling of false positives
Integration
 Central monitoring and reporting in Solution Manager
 Integrated into SAP transport management tools
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
27
SAP’s security products
Product road map overview – key themes and capabilities
Today
Secure and Simple Access
• SAP Single Sign-On 3.0
− Secure integration, TCO reduction and crypto
enhancements
•
•
SAP HANA Cloud Platform, identity authentication
service, formerly known as SAP Cloud Identity service
SAP Identity Management 8.0 SP3
Threat Intelligence and security vulnerabilities
• SAP Enterprise Threat Detection 1.0 SP4
• SAP NetWeaver Application Server, add-on for Code
Vulnerability Analyzer
Future Direction
Planned Innovations
Secure and Simple Access
• SAP SSO: Increased security and further reduction of
administration
• SAP IDM: cloud enablement by integrating with SAP
HCP, identity authentication service and ease of
implementation by new Rapid Deployment Solution
• SAP IDM: enhancement of integration with SAP GRC
Access Control and new integration with SAP Cloud
Identity Access Governance
• SAP HCP, identity authentication service: Enhancement
of authentication, user management and data center
security
• Planned new solution: SAP Cloud Identity Access
Governance: full cloud identity management including
provisioning to cloud applications
Secure and Simple Access
• Integration of SAP SSO with SAP ETD
• SAP SSO: Cloud and IoT extensions
• SAP IDM: Hybrid identity management and support for
SAP S/4 HANA
• SAP HCP, identity authentication service: X.509
authentication and more data centers globally
Threat Intelligence and security vulnerabilities
• SAP ETD: cloud delivery
• SAP NW AS, add-on for CVA: new checks, workflow and
quick fixes
Threat Intelligence and security vulnerabilities
• SAP ETD: Integration with further SAP logs
• SAP ETD: event and context integration, forensic lab
• SAP NW AS, add-on for CVA: new checks, reporting and
Eclipse integration
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
28
SAP’s security products – SAP Cloud Identity Access Governance
Planned
Innovations
New services planned – based on the SAP HANA Cloud Platform
“III” – independent, integrated, interoperable
 SAP HANA Cloud Platform, identity authentication service
 SAP HANA Cloud Platform, identity provisioning service*
 SAP Cloud Identity Governance, access analysis service*
Microservices architecture
SAP HCP architecture enables native integration
 SAP HCP Applications





S/4 HANA, C4C
Ariba
Concur
SuccessFactors
Identity services
Trigger-based access analysis
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
* Planned for demo at SAP TechEd 2016
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
29
Planned
Innovations
SAP’s security products
SAP HANA Cloud Platform, identity authentication service
Significant enhancements to the product formerly known as “SAP Cloud Identity service” will move it to become a full cloud
identity management including user management and provisioning
Authentication & single sign-on




Custom password policies
OAuth authentication for API calls
TFA with SMS
Open Id Connect
Administration services
 License auditing & usage Reporting
 Policy version management
Corporate features
 Troubleshooting logs
 Custom mail service
 Audit logs
 Disaster recovery (Europe)
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
30
Planned
Innovations
SAP’s security products
SAP HANA Cloud Platform, identity provisioning service
Provide first provisioning capacities for cloud services
SAP Cloud Portal
An example could be a user created in SuccessFactors which
will be automatically transferred to SAP HANA Cloud Platform,
identity authentication service
After that, the SAP HCP, identity provisioning service will
provision the relevant information to other cloud applications like
SAP S/4HANA
Cloud User Provisioning
Provisioning to SAP and non-SAP cloud applications
Cloud Edition
User management






Custom attributes
Lock/unlock users
Integration with SAP Identity Management
Extension CSV import /export
User profile branding
New administrative operations
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
31
SAP’s security products
Planned
Innovations
SAP Cloud Identity Access Governance, access analysis service
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
32
SAP’s security products
Planned
Innovations
SAP Cloud Identity Access Governance, access analysis service
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
33
SAP’s security products – planned innovations for Identity Management
Planned
Innovations
Enhancements in SPs for SAP Identity Management 8.0
Integration of SAP Identity Management and SAP HANA Cloud Platform, provisioning service enables provisioning to cloud
applications in a heterogeneous landscape
Cloud applications
Integration
 SAP HANA Cloud Platform, identity
provisioning service based on SCIM
 Hybrid deployment model: SAP HCP, identity
provisioning service as extension for SAP
Identity Management
Cloud applications
SAP HANA Cloud Platform,
identity provisioning
service
Cloud
Enterprise readiness
On-premise
 Ease of installation and operations
Rapid-Deployment Solution package
SAP Identity Management
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
34
SAP’s security products – planned innovations for SAP SSO
Planned
Innovations
Reduction of administration and increased security
SAP Single Sign-On allows customers to authenticate securely. This includes the capability to strengthen the authentication
process dynamically, or to reduce user authorizations based on contextual information. You can leverage these capabilities for
network edge authentication to prevent illegitimate traffic from reaching critical backend systems.
Integration
 Seamless integration scenarios with SAP Mobile Platform
 Extended support for cloud scenarios
TCO reduction
 Certificate Lifecycle Management for AS Java and HANA DB
 Enhanced Mac OS X support
Advanced security capabilities
 Network edge authentication support with SAP Web Dispatcher
 Additional cryptographic capabilities and security protocols
 Support for certificate revocation using OCSP
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
35
Planned
Innovations
SAP’s security products
SAP ETD integration of logs from further SAP products
Enterprise Threat Detection helps customers find attacks against their business critical systems with application
data.
Event & context integration
 Further ABAP / Java logs
 SAP GRC products
 3rd party products via CEF
Forensic lab
 User behavior analytics
 Enhanced functions for pattern definition
Attack detection patterns
 Regular pattern delivery
Alerts and investigations
 Integration with SAP Solution Manager
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
37
Planned
Innovations
SAP’s security products
SAP NW AS, add-on for CVA – new checks, reporting and dev. productivity
New checks and reporting capabilities as well as full integration with development tools in Eclipse will
significantly enhance the usability and the results of CVA and help customers find security vulnerabilities faster
New checks
 Potential abuse of URL redirect
 SQL Script scanning (AMDP)
 Detection of direct access to sensitive DB tables
Flexibility & performance
 Ability to check modifications to SAP programs
 Improved data flow analysis
Reporting
 Public API to allow customer to create own reports
Landscape
 Central Security Scan support including Exemptions, Transport, Trigger remote scan
locally
Developer productivity
 Full integration with ABAP development tools in Eclipse
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
38
SAP’s security products
Product road map overview – key themes and capabilities
Today
Secure and Simple Access
• SAP Single Sign-On 3.0
− Secure integration, TCO reduction and crypto
enhancements
•
•
SAP HANA Cloud Platform, identity authentication
service, formerly known as SAP Cloud Identity service
SAP Identity Management 8.0 SP3
Threat Intelligence and security vulnerabilities
• SAP Enterprise Threat Detection 1.0 SP4
• SAP NetWeaver Application Server, add-on for Code
Vulnerability Analyzer
Future Direction
Planned Innovations
Secure and Simple Access
• SAP SSO: Increased security and further reduction of
administration
• SAP IDM: cloud enablement by integrating with SAP
HCP, identity authentication service and ease of
implementation by new Rapid Deployment Solution
• SAP IDM: enhancement of integration with SAP GRC
Access Control and new integration with SAP Cloud
Identity Access Governance
• SAP HCP, identity authentication service: Enhancement
of authentication, user management and data center
security
• Planned new solution: SAP Cloud Identity Access
Governance: full cloud identity management including
provisioning to cloud applications
Secure and Simple Access
• Integration of SAP SSO with SAP ETD
• SAP SSO: Cloud and IoT extensions
• SAP IDM: Hybrid identity management and support for
SAP S/4 HANA
• SAP HCP, identity authentication service: X.509
authentication and more data centers globally
Threat Intelligence and security vulnerabilities
• SAP ETD: cloud delivery
• SAP NW AS, add-on for CVA: new checks, workflow and
quick fixes
Threat Intelligence and security vulnerabilities
• SAP ETD: Integration with further SAP logs
• SAP ETD: event and context integration, forensic lab
• SAP NW AS, add-on for CVA: new checks, reporting and
Eclipse integration
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
40
Future
Direction
SAP’s security products
SAP HCP, identity authentication and identity provisioning services
Authentication & single sign-on
API based authentication flow
X.509 authentication
TFA with RSA
User management
Approval for self-registration
Provisioning service
Delegated administration (B2B)
Corporate features
Cloud desktop
APJ data center (Tokyo)
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
41
SAP’s security products – SAP Single Sign-On
Future
Direction
Future direction
Integration
SAP Enterprise Threat Detection
TCO reduction
Tight integration with platform security
Simplify security management across landscape
Security
Up-to-date security capabilities supporting SAP’s business applications
Security extensions for SAP’s cloud and IoT platforms
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
42
Future
Direction
SAP’s security products – SAP Identity Management
Future direction
Hybrid identity management
• SAP HANA Cloud Platform
• Identity lifecycle across on premise and cloud
Extend integration with SAP Cloud Identity Access Governance services:
• Identity authentication service (SSO)
• Identity provisioning service
• Access analysis service
Integration
• SAP S/4 HANA
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
43
SAP’s security products – SAP Enterprise Threat Detection
Future
Direction
Future direction
Event & context integration
SAP ERP HCM / Cloud apps
SAP HANA platform (ASE / DT)
Threat intelligence providers
Forensic lab
Detection of new threats
Advanced analysis & visualization
Alerts and investigations
Integration with SAP Solution Manager
Automated reaction
Flexible reporting / dashboards
Operations and cloud delivery
Hot/warm data management
Delivery as SaaS
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
44
SAP’s security products – SAP NetWeaver AS, add-on for CVA
Future
Direction
Future direction
New checks
New checks based on state of the art research and forensics
Workflow
Option to replace built-in workflow by other workflow engine
Developer productivity
Quick fixes for automated code adjustments
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
45
Summary
 SAP offers a comprehensive portfolio of Security and GRC solutions
 SAP enhances all of its security products, specifically in the area of threat
intelligence and cloud security
 SAP establishes security as a differentiator and business enables for its PaaS,
SAP HANA Cloud Platform
This is the current state of planning and may be changed by SAP at any time.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
46
Thank you
Road map contacts for customers and partners
 Gerlinde Zibulski
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
gerlinde.zibulski@sap.com
Director SAP Security Product Management
Key links for more information
For customers and partners
Key links
 Road maps on SAP.COM
http://go.sap.com/solution/roadmaps.html
 SAP Community Network
http://www.sdn.sap.com/
 IT Planning Resources
https://service.sap.com/~sapidb/011000358700001160122012E
Where to go to provide product feedback and ideas
 SAP Idea Place
https://ideas.sap.com
 Influence programs
http://service.sap.com/influence
 SAP User Groups
http://www.sapusergroups.com/
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
48
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate
company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its
affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and
services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop
or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future
developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time
for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forwardlooking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place
undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
This presentation and SAP‘s strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice.
This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement
Customer
49