SAP Asset Intelligence Security Guide

PUBLIC

SAP Asset Intelligence Network 1603
Document Version: 1.0 – March 18, 2016


Content

1 Introduction
1.1 Overview of the Main Sections
2 Before You Start
3 Security Aspects of Data, Data Flow and Processes
4 User Administration and Authentication
5 Data Storage Security
6 Other Security-Relevant Information


1 Introduction

The Security Guide provides an overview of the security-relevant information that applies to SAP Asset Intelligence Network from a System Administrator perspective.

Note: This guide does not replace the administration or operation guides that are available for productive operations.

Target Audience

System Administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system should not result in loss of information or processing time. These demands on security apply likewise to SAP Asset Intelligence Network. To assist you in securing the SAP Asset Intelligence Network, we provide this Security Guide.

1.1 Overview of the Main Sections

The Security Guide comprises the following main sections:

● Before You Start
  This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.

● Security Aspects of Data, Data Flow and Processes
  This section provides an overview of security aspects involved throughout the most widely-used processes within SAP Asset Intelligence Network.

● User Administration and Authentication
  This section provides an overview of the following user administration and authentication aspects:
  ○ Recommended tools to use for user management
  ○ Standard users that are delivered with SAP Asset Intelligence Network
  ○ Overview of how integration into Single Sign-On environments is possible

● Data Storage Security
  This section provides an overview of any critical data that is used by the SAP Asset Intelligence Network and the security mechanisms that apply.


● Data Protection
  This section provides information about how SAP Asset Intelligence Network protects personal or sensitive data.


2 Before You Start

SAP Asset Intelligence Network is built on top of SAP HANA Cloud Platform (HCP) using SAP UI5 as user interface technology as well as SAP ID Service as Identity and Access Management solution.

Table 1: Fundamental Security Information

| Security-Related Material | Description |
|---|---|
| SAP HANA Cloud Solution Brief | SAP HANA Cloud Solution Overview |
| SAP Data Center | Data center home page with focus on security and certification |
| SAP Security Certificates | General SAP IT Security Certifications |

For a complete list of the available SAP Security Guides, see SAP Service Marketplace at http://service.sap.com/securityguide

Additional Information

For more information about specific topics, see the Quick Links as shown in the table below.

Table 2:

| Content | Quick Link on SAP Service Marketplace or SCN |
|---|---|
| Security | http://scn.sap.com/community/security |
| Security Guides | http://service.sap.com/securityguide |
| Related SAP Notes | http://service.sap.com/notes and http://service.sap.com/securitynotes |
| Released platforms | http://service.sap.com/pam |
| Network security | http://service.sap.com/securityguide |
| SAP Solution Manager | http://service.sap.com/solutionmanager |
| SAP NetWeaver | http://scn.sap.com/community/netweaver |


3 Security Aspects of Data, Data Flow and Processes

The following general security measures are in place, and are applicable to all scenarios:

● Encrypted connection through HTTPS
● User and role mapping with functional restrictions
● Access control lists limiting access to data only to permitted roles, companies and users

The table below shows the security aspect to be considered for the process step and what mechanism applies.

Table 3:

| Step | Description | Security Measure |
|---|---|---|
| User authentication | The user logs on to the system. | Authentication process based on SAML 2.0 Standard takes place. Access credentials are not stored on site. Invalid session IDs and cookies are intercepted. |
| Document upload | Users can upload documents, including Microsoft Excel files, images, VDS files etc. | Virus scanning is in place for all uploaded documents. MIME Type check in place to prevent malicious uploads. |
| User administrative tasks | Administrators can add and remove user accounts, and change the role assignments of user accounts | Division of responsibilities ensures that only company Administrators can carry out the listed user administrative tasks. |
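The MIME type check listed for document upload can be pictured with the following added example, which is not SAP code and not part of the original guide: it accepts a file only if the declared type is on an allowlist and the content matches that type. The allowlist entries, the function names and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

# Constructed allowlist: declared MIME type -> accepted leading byte signatures.
# Types are assumed from the upload kinds the guide names (Excel files, images)
# plus PDF; VDS is omitted because the guide gives no signature for it.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls container
ZIP = b"PK\x03\x04"                          # .xlsx is a ZIP container
XLSX = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
SIGNATURES = {
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "application/pdf": [b"%PDF-"],
    "application/vnd.ms-excel": [OLE2],
    XLSX: [ZIP],
}

def check_upload(declared_type, data):
    """Return (accepted, reason) for one uploaded file."""
    declared = declared_type.split(";")[0].strip().lower()
    sigs = SIGNATURES.get(declared)
    if sigs is None:
        return False, "type not on allowlist"
    if not any(data.startswith(s) for s in sigs):
        return False, "content does not match declared type"
    if declared == XLSX:
        # A ZIP header fits any archive, so also require the workbook parts.
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return False, "corrupt container"
        if "[Content_Types].xml" not in names or "xl/workbook.xml" not in names:
            return False, "ZIP container is not a workbook"
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return False, "macro project in .xlsx"
    return True, "ok"

def make_zip(names):
    """Build a constructed in-memory ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, "<x/>")
    return buf.getvalue()
```

A check of this kind complements the virus scanning named in the same row; it does not replace it.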


4 User Administration and Authentication

SAP Asset Intelligence Network uses the authentication mechanisms provided by SAP ID Service. The user management itself is specific to SAP Asset Intelligence Network and does not rely on any external tools.

Information about user administration and authentication that specifically applies to SAP Asset Intelligence Network is provided in the following topics:

● User Management
  This topic lists the tools to use for user management in SAP Asset Intelligence Network.

● Integration into Single Sign-On Environment
  This topic describes how SAP Asset Intelligence Network supports Single Sign-On mechanisms.

User Management

User management for SAP Asset Intelligence Network uses the SAP HANA Cloud Platform and the facilities of SAP ID Service.

For an overview of how these mechanisms apply to SAP Asset Intelligence Network, see the sections below.

User Administration Tools

SAP Asset Intelligence Network uses the user administration provided by the SAP HANA Cloud Platform to manage users. System Administrators can add, remove and edit users. They can also assign multiple predefined roles to users and revoke them.

SAP Asset Intelligence provides three predefined roles per application:

● READ
  Provides read authorizations to the selected user on the selected application.

● EDIT
  Provides read and write authorizations to the selected user on the selected application.

● DELETE
  Provides read, write and delete authorizations to the selected user on the selected application.

Integration into Single Sign-On Environments

SAP Asset Intelligence Network supports the Single Sign-On (SSO) mechanisms provided by SAP HANA Cloud Platform in conjunction with SAP ID Service. SAP Asset Intelligence Network also allows customer trust accounts to be integrated with SAP HANA Cloud Platform to facilitate SSO using their own trust system.


5 Data Storage Security

SAP Asset Intelligence Network saves data in a dedicated database provided by SAP HANA Cloud Platform. Access to the database comes preconfigured with the infrastructure environment.

The database contains personal data (user profiles and company profiles), operational business data, and preferences and configurations. Information is updated continuously upon change.

Documents, such as media files and PDFs, are stored in the SAP HANA Cloud document management system.

Data Protection

SAP Asset Intelligence Network complies with data privacy and protection regulations. SAP Asset Intelligence Network supports the following functionality:

● Helps customers delete personal data stored on the network using the user management application.
● Supports sharing the personal data of a person whose details have been stored on SAP AIN when the user requests it.
● Maintains audit trail information such as the name of the person who changed the personal data, and the time and date at which the data was changed or deleted.


6 Other Security-Relevant Information

SAP Asset Intelligence Network is an SAP UI5-based application, and as such makes use of HTML5 and JavaScript. Active content (at least HTML5 and JavaScript) has to be enabled. This is mandatory, as Asset Intelligence will not work without it.

Session Security Protection

SAP Asset Intelligence Network is restricted to operating with Secure Socket Layer (SSL) and activated cookie handling in the browser only.

Security Lifecycle Management

SAP Asset Intelligence Network is hosted and operated by SAP. The Cloud Operations, Business Operations, and Development Team continuously monitor security-relevant issues and keep the system and software up to date.


Important Disclaimers and Legal Information

Coding Samples
Any software coding and/or code lines / strings ("Code") included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, unless damages were caused by SAP intentionally or by SAP's gross negligence.

Accessibility
The information contained in the SAP documentation represents SAP's current view of accessibility criteria as of the date of publication; it is in no way intended to be a binding guideline on how to ensure accessibility of software products. SAP in particular disclaims any liability in relation to this document. This disclaimer, however, does not apply in cases of wilful misconduct or gross negligence of SAP. Furthermore, this document does not result in any direct or indirect contractual obligations of SAP.

Gender-Neutral Language
As far as possible, SAP documentation is gender neutral. Depending on the context, the reader is addressed directly with "you", or a gender-neutral noun (such as "sales person" or "working days") is used. If when referring to members of both sexes, however, the third-person singular cannot be avoided or a gender-neutral noun does not exist, SAP reserves the right to use the masculine form of the noun and pronoun. This is to ensure that the documentation remains comprehensible.

Internet Hyperlinks
The SAP documentation may contain hyperlinks to the Internet. These hyperlinks are intended to serve as a hint about where to find related information. SAP does not warrant the availability and correctness of this related information or the ability of this information to serve a particular purpose. SAP shall not be liable for any damages caused by the use of related information unless damages have been caused by SAP's gross negligence or willful misconduct. All links are categorized for transparency (see: http://help.sap.com/disclaimer).


© 2016 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.

Please see http://www.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.