Guidelines, tools, and training help maintain security throughout the architecture, design, implementation, and delivery of a product.
Security in the digital economy
Everything is connected – therefore, security is everything
With the fast evolving digitalization of business processes and the relationships between people, information, and assets, security is a main concern that needs to be addressed. SAP delivers a 360 degree approach to covering all security aspects from secure products to secure operations.
Our customers expect ironclad information security for their on-premise, cloud, and mobile environments. For this reason, we work continuously to strengthen and improve security features in all of our software and service offerings as well as to protect our own company and assets.
Recommendations for securing SAP solutions
At the beginning of 2018, with Spectre (and Meltdown), a new class of vulnerabilities was published. In the following months, new variants were discovered and published under the same name. Ongoing research and publication of new vulnerabilities and attacks suggest that the topic will continue to be relevant in the future. The common denominator of these vulnerabilities is that they are mostly caused by the architectural (hardware) design of the CPU, which affects nearly every computer chip manufactured in the last 20 years. These vulnerabilities could, if exploited, allow attackers to gain access to data previously considered protected. The possible attacks are side-channel attacks, in which the execution speed (timing) of certain operations could allow memory contents that are normally not accessible to be read. From a security perspective, the concerns include the breaking of boundaries within virtualized environments.
How is SAP affected?
SAP thoroughly investigates the impact of these vulnerabilities and is closely aligning with corresponding vendors, providers, and the Open Source community. SAP works on investigating if, where, and how our platforms, databases, applications, and cloud operations are affected.
SAP is taking a proactive approach and is fixing potential flaws derived from hardware side-channel attacks without undue delay. You can find more information on our patching progress for our Cloud environments here (registration required). As a consumer of affected software and hardware, we largely depend on the availability of patches provided by respective vendors, providers, or the Open Source community. The schedule of applying appropriate patches is, to a large extent, determined by their availability.
Recommendation to customers
SAP recommends that all customers carefully monitor and follow the advice on implementing security patches provided by hardware and operating system providers as soon as they become available. SAP will apply fixes to its cloud infrastructure without undue delay. SAP Global Security is constantly monitoring the situation.
Each variant was given its own CVE number (updated November 6, 2018):
- PortSmash (CVE-2018-5407)
- L1 Terminal Fault (CVE-2018-3646, CVE-2018-3620 and CVE-2018-3615)
- Variant 4–Spectre NG (CVE-2018-3639)
- Variant 3a–Spectre NG (CVE-2018-3640)
- Variant 3–Meltdown (CVE-2017-5754)
- Variant 2–Spectre (CVE-2017-5715)
- Variant 1–Spectre (CVE-2017-5753)
Each of these vulnerability variants may be exploited to read confidential data such as CPU or kernel memory. The level of criticality and potential for exploitation differs between each of the variants.
Further vendor information, resources, and responses regarding the aforementioned security vulnerabilities:
Please note that SAP is not liable for any content on these external sites.
Hear from security experts
Security in the Intelligent Enterprise
Are you using the security capabilities built into your enterprise applications? Listen to IDC analyst Rob Westervelt explain why security solutions are becoming more complex to manage and a fundamental element of the SAP Intelligent Enterprise.
Cloud security at SAP
Discover how SAP addresses one of the critical requirements companies demand when moving to the cloud – the underlying security and trust architecture of the services and products.
Product security strategy
Protecting data by building safe software is core in our product security strategy. At SAP, prevention, detection, and reaction are the three pillars of this strategy.
Customer data is classified as “confidential” and is protected from unauthorized access, even by SAP employees. To access customer systems, such as SAP HANA Enterprise Cloud, a two-factor authentication process is required.