Scribd
Upload
16 views4 pages

What You Should Know About SAP Cloud Connector Security

Uploaded by

bd9zwnnph6
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views4 pages

What You Should Know About SAP Cloud Connector Security

Uploaded by

bd9zwnnph6
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

SAGESSE TECH

What You Should Know About SAP


Cloud Connector Security?
What you should know about SAP Cloud
Connector Security?
The cloud connector forms the central interface to access the services of SAP Business
Technology Platform (SAP BTP) within your own system landscape. This solution acts as a link
between cloud and On-Premise systems and communicates with SAP BTP via secure
connections.

Figure 1: Cloud Connector as an Intermediary between Cloud-Based and On-Premise Systems

At the architecture level, the goal is for system connections that send data to or receive data
from the SAP cloud solutions to be handled by the cloud connector. Multiple instances of the
cloud connector can also be deployed. Distinct from these integration scenarios are
connections from end devices that typically access the cloud applications or services directly.

Some reasons for using the cloud connector as a link include the following:
• Centralized management of system connections
• Support of the necessary protocols, such as remote function call (RFC) for proprietary
SAP connections and Hypertext Transfer Protocol Secure (HTTPS) as a global standard
• Elimination of the need to configure various port mappings and firewall rules on both
sides of the cloud connector
• Easy and clear administration compared to previous concepts (e.g., SAP Gateway and
SAPRouter)

1
What you should know about SAP Cloud Connector
Security?

You must consider the security of your SAP Cloud Connector very seriously since it is acting
as a tunnel between your SAP Cloud Applications and On-Prem SAP Systems. A few points
to consider about SAP Cloud Connector (SCC) security are:

• Patch Management: SCC itself or the related environments must be thoroughly


patched. Because SCC uses Java, it’s mandatory that the JVM or the SDK is regularly
patched, too. The effort to keep your SCC and its environment up to date is not very
high, but you will increase your security posture significantly.

• SCC Location and Setup in the Network: SAP Cloud Connectors must be in the DMZ of
the customers infrastructure. It is even possible to install SCC on client PCs for test
purposes. These installations impose a high security risk since they are in most of the
cases not properly maintained and implemented without security measures.
Obviously, those test installations are not maintained properly and have been used
aside. We strongly recommend using a dedicated server especially for the SCC to
avoid that other administrators for other applications on the same server can access
the SCC, too. In addition, make use of hard-drive encryption to make sure the
configuration and Audit Logs cannot be read by unauthorized users.

• SCC Built-In Security Features Must Be Used: The SCC has a built-in security feature
that allows customers to regularly check the security status of their SCC. The built-in
security feature is the simplest way to raise your security posture to a mature level
following the recommendations made. In the latest versions of SCC, the SCC can be
connected and monitored through a standard API provided by SAP connecting to the
Solution Manager or to a SIEM Solution

• SCC Audit Log Must be Enabled and Monitored: The SCC has its own audit log that can
be enabled for monitoring purposes. SAP lets you configure the audit level
(subaccount or cross-sub-account). The default value is “Security” but can be extended
to “All”. You must never use or configure “Off”. As of SCC version 2.14 there is the
possibility to change the location of the audit log files. These files can be used to be
imported into a SIEM system.

2
Sagesse Tech
Sagesse Tech brings together the visionary,
creative international senior engineers and
realizes its vision for the future with a 360-
degree IT approach. Our IT approach
combines machines and human’s best
talents for niche, solid and innovative
solutions, especially in the fields of SAP ERP,
Oracle ERP, Cyber Security and Digital
Transformation.

Contact Info

+90 541 517 03 47 / +90 533 371 47 62


[email protected]
Istanbul, Turkey

You might also like