Infrastructure for the Digital World - fujitsu.com · Identity management • Connector for SAP...
Transcript of Infrastructure for the Digital World - fujitsu.com · Identity management • Connector for SAP...
0 Copyright 2017 FUJITSU
#FujitsuWorldTour
Infrastructure for the Digital World
Fujitsu World Tour 2017
#FujitsuWorldTour
1 Copyright 2017 FUJITSU
La potenza dei dati è nulla senza controllo: la Secure Autentication come valore aggiunto delle architetture SAP HANA per la Digital Co-Creation
Antonio Gentile
SAP Business Development Manager
Fujitsu Italia
Salvatore De Caro
SAP HANA Platform Architect
SAP Italia
3 Copyright 2017 FUJITSU
The potential economic impact of IoT
http://www.mckinsey.com/insights/business_technology/the_internet_of_things_the_value_of_digitizing_the_physical_world
4 Copyright 2017 FUJITSU
Hacking & Cyber-Fraud
Hackers have evolved to steal data, transfer funds or cause targeted damages.
SAP passwords are not encrypted by default – user
name and password credentials can easily be obtained by hackers.
Authentication is only done once at log-on - there is no re-authentication during a work session.
Although the statistics shown are overall costs due to all types of incidents, those associated with SAP can be drastically reduced.
Source: http://www.ponemon.org/library/2014-global-report-on-the-cost-of-cyber-crime
Average annualized cost of cyber-fraud and hacking per
organization
$12.7M in 2014
5 Copyright 2017 FUJITSU
With Fujitsu’s PalmSecure technology, people can confirm their identity by scanning their unique palm vein pattern. Security no longer revolves around authenticating passwords; it’s all about authenticating people.
It simplifies procedures, reduces costs and, most importantly, increases security.
The Answer to Security is in the Palm of Your Hands
5
Position hand
over sensor
Sensor focuses &
detects live hand
Hand is scanned
with near-infrared
light and vein
patterns
are captured
Hand veins are recorded and
compared with pattern stored
either locally (e.g. SmartCard)
or in a database
How palm vein security works
6 Copyright 2017 FUJITSU
Deep Security for SAP
SA
P P
LM
SA
P S
RM
SA
P S
CM
SA
P E
RP
SA
P C
RM
Ind
ustr
y
Com
pl.
NW-VSI SAP NetWeaver
LINUX OS
Servers & VMs
Storage
Network
NW-VSI 2.0
Deep Security
NW-VSI 2.0 API
• SAP Content Security
• Active Content Protection
• Anti Malware (SAP)
• Anti-Malware (OS)
• Web-Reputation
• Firewall
• Intrusion Prevention
• Integrity Monitoring
• Log Inspection
Server
Security
Deep Security
For SAP
8 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
Can’t See Value in Your Business Data? The Bad Guys Can …
By 2021, cyber insurance payouts reach $1 billion worldwide (20% CAGR) as cyber policies become more formalized and more companies adopt them.
By 2018, ransomware attacks on healthcare providers double.
By 2023, 50% of WW retailers (75% of U.S. retailers) engage service providers to monitor their network and cloud networks for ongoing and future threats through security as a service subscriptions and outsourced services.
IDC, Nov. 2016
9 Copyright 2017 FUJITSU
Finance Transactions in SAP S4/HANA
… user can edit invoice amounts.
Without bioLock™ … … user can execute
financial transactions without limit on the amount.
… no audit data will be recorded.
… there is no accountability for the user.
… traditional SAP user roles cannot control this.
10 Copyright 2017 FUJITSU
Finance Transactions in SAP S4/HANA
With bioLock™ …
… permitted with restrictions
… logged in a tamper-proof audit file.
… prevented
… access, viewing and/or changes to this data will be …
or and
11 Copyright 2017 FUJITSU
PS bioLock for SAP
Software bioLock
■ Control and monitoring of SAP applications by customer defined checkpoints with re-authentication
■ The only biometric SAP protection application and SAP certified ■ Adjustable to screen and field level ■ Login data never forwarded ■ Companies: highest level of security for SAP applications ■ Powered by Realtime US
Secured usage of SAP applications
■ Fraud prevention
■ Data control
■ Controlled authorized financial transactions
■ Process logging and monitoring of SAP transactions
■ Individually secured processes e.g.
■ Finance transactions ■ Personnel data ■ Customers lists ■ ...
PA
LM S
EC
UR
E
12 Copyright 2017 FUJITSU
Benefits of realtime bioLock™ for use with SAP S4/HANA – powered by Fujitsu PalmSecure
Secured and audit proofed evidence of
transactions
Protecting and controlling of data and transactions
Easy integration into existing infrastructure
Easy and practicable for users, hygienic,
high user acceptance
14 Copyright 2017 FUJITSU
Summary - Fraud Prevention
No matter what your industry, biometric re-authentication at granular levels is the key to dramatically improving your security in SAP.
Whether Finance, HR, Sales, Operations or other, use PalmSecure and bioLock™ to prevent fraud in SAP.
The realtime bioLock™ for use with SAP S4/HANA – powered by Fujitsu PalmSecure Biometric Identity Management & Credentialing Software lets you combat fraud in all areas including purchasing, payroll, inventory, retail POS and many more…
Aerospace & Defense
Automotive
Banking
Chemicals
Consumer Products
Defense & Security
Engineering, Construction, and Operations
Healthcare
Higher Education & Research
High Tech
Industrial Machinery & Components
Insurance
Life Sciences
Media
Mill Products
Mining
Oil and Gas
Professional Services
Public Sector
Retail
Telecommunications
Transportation & Logistics
Utilities
Wholesale Distribution
15 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
SAP HANA Platform The in-memory data platform for digital business
DATABASE MANAGEMENT
Web Server JavaScript
Graphic Modeler
Data Virtualization ELT & Replication
Columnar OLTP+OLAP
Multi-Core & Parallelization
Advanced Compression
Multi-tenancy Multi-Tier Storage
Graph Predictive Search
Data Quality
Series Data
Business Functions
Hadoop & Spark Integration
Streaming Analytics
Application Lifecycle Management
High Availability & Disaster Recovery
Openness Data Modeling
Admin & Security
Remote Data Sync
Spatial
Text Analytics
Fiori UX
ALM
</>
APPLICATION DEVELOPMENT DATA INTEGRATION & QUALITY ADVANCED ANALYTICAL PROCESSING
SAP, ISV and Custom Applications
All Devices
OLTP + OLAP ONE Open Platform ONE Copy of the Data
S A P H A N A P L A T F O R M
16 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
Manage secure data access and keep your systems protected
SAP HANA provides a comprehensive security framework
✔ Securely run SAP HANA in a variety of environments
✔ Meet increasing regulatory and compliance requirements
✔ Easily configure, manage and monitor security
✔ Keep up to date with relevant security updates
17 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
Manage secure data access and keep your systems protected
Transport/data encryption User/role
management
Secure
development
Secure
configuration
Authentication
Single sign-on
Audit logging
18 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
Comprehensive encryption
SAP HANA
Application
encryption
Key
management
Encryption
management
Backup
encryption
Data at rest
encryption
Communication
encryption
19 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
Da
ta C
en
ter
Security infrastructure integration
SAP HANA supports industry standards and documented interfaces to enable integration with the customers’ security network and datacenter infrastructures
Identity management • Connector for SAP Identity Management, SQL interface for integration with other identity management solutions
• Integration with LDAP for role assignment
Compliance • Connector for SAP Access Control
Single Sign-On • E.g. for Microsoft Active Directory
Logging • Standard logging infrastructures (Linux syslog)
Threat detection • SAP Enterprise Threat Detection support
Antivirus • XS antivirus interface
Logging syslog
Single Sign-On Kerberos
SAML
SAP HANA
Identity Management SQL
Compliance SQL
XS NW-VSI
compatible Antivirus
Threat Detection Log data
20 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
SAP secure software development lifecycle
At the core of SAP’s development processes is a comprehensive security strategy
Secure software development lifecycle (secure SDL)
• Comprehensive framework of processes, guidelines, tools and staff training
• Ensures that security is an integral component of the architecture, design, and implementation of SAP solutions
• Risk-based approach, uses threat-modeling and security risk assessment methods
• Comprehensive security testing with automated and manual tests
• See SAP Security @ http://www.sap.com/security
21 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
Security patches
Keep up to date by installing the latest security patches and monitoring SAP security notes
Monthly SAP Security Patch Day
• SAP security notes contain information on the affected application areas and specific measures that protect against the exploitation of potential weaknesses
• See also http://support.sap.com/securitynotes and SAP Security Notes – Frequently asked questions
Security improvements/corrections ship with SAP HANA revisions
• Installed using SAP HANA’s lifecycle management tools
• See also SAP Note 2021789 – SAP HANA revision und maintenance strategy
Operating system patches • Provided by the respective vendors SuSE/Redhat
22 Copyright 2017 FUJITSU © 2017 SAP SE or an SAP affiliate company. All rights reserved.
Need more information on SAP HANA security?
Read the SAP HANA security whitepaper
Check out our security website http://hana.sap.com/security
23 Copyright 2017 FUJITSU 23
THERE‘S A
TIME FOR
SECURITY.
AND IT‘S
ALWAYS
NOW.
Run Simple SECURITY IS LIVE | Learn more at hana.sap.com/security
28 Copyright 2017 FUJITSU
Agenda
14.00 Datacenter Co-creation Experience: architetture iperconvergenti e software-defined per un Datacenter agile, scalabile e sicuro- Il caso di successo di ConTe.it
• Paolo Perrucci , IT Transformation Manager, ConTe.it
• Danilo Salladini , Business Development Manager HyperConverged & Integrated DC Solutions, Fujitsu Italia
14.45 Proteggere le informazioni: dalla moderna Data Protection alle linee guida per il GDPR
• Andrea Sappia – Sales Consultant Manager – Fujitsu Italia
15.30 La potenza dei dati è nulla senza controllo: la Secure Autentication come valore aggiunto delle architetture SAP HANA per la Digital Co-Creation
• Antonio Gentile, SAP Business Development Manager, Fujitsu
• Salvatore De Caro, SAP HANA Platform Architect, SAP Italia
16.15 Fine lavori – coffe break