Data Centers | PUBLIC

How Secure Is the Data Center

© 2

020

SAP

SE o

r an

SAP

affilia

te c

ompa

ny. A

ll rig

hts

rese

rved

.

1 / 5

2 / 5

SAP data centers around the world meet high security standards. Whether fire, data breach, or hardware defect, our data centers are protected against many hazards. SAP regularly undergoes audits and reviews of the technology and infra-structure of its data centers.

Companies are looking for answers to the following questions.

AccessCan unauthorized people enter the data center?

Access to dataHow are hacker attacks fended off?

Power supplyWhat happens when power is interrupted?

HardwareIf the servers fail, is the data still secure?

Fire protectionIf a fire breaks out, who responds?

BuildingWhat happens if there is a natural disaster?

Data privacyIs data protection guaranteed?

BackupHow is data recovered?

© 2020 SAP SE or an SAP affiliate company. All rights reserved.

3 / 5

Access The data center is monitored around the clock. Single-person access and mantrap systems provide access only to authorizedindividuals. Technicians can enter special rooms using custom-configured ID cards. High-sensitivity areas require authentication by means of biometric scans.

Access to data An intrusion detection system monitors incoming data and identifies suspicious activities, while firewalls made by different manufac-turers protect the data in the data center. Data and backup files are exchanged with customers in an encrypted format or trans-mitted over secure fiber-optic cables.

Power supply Should the multiple-redundancy power supply system fail, batteries are automatically and immediately actuated and supply electricity for up to 15 minutes. During this time, emergency diesel generators are started. They can supply power to the data center for anextended period.

Hardware All virtual and physical servers, storage units, networks, and SAPHANA® databases in use access a pool of physical hardware. Ifan individual component should fail, the load can be immediatelyreallocated to other components without impairing system sta-bility. If hardware fails due to a fire, data can be recovered fromthe backup system.

Fire protection The data center is subdivided into multiple fire compartments. In addition, thousands of fire detectors and aspirating smoke detectors (ASDs) monitor all rooms. ASDs pick up the emission of specific gases from overheating electronic components and set off a preliminary alarm. Should a fire break out, the affected room is flooded with extinguishing gas (INERGEN) to smother the fire. In addition, the fire department is alerted automatically. Sprinklers are not used, as water would destroy sensitive elec-tronic devices. As a last resort, however, water or foam may be used as an extinguishing method by the fire department.

Find out how SAP data centers are protected and - looking at data center in St. Leon-Rot, Germany, as an example - how secure they are:

© 2020 SAP SE or an SAP affiliate company. All rights reserved.

4 / 5

Building The data center consists of 100,000 metric tons of reinforced concrete and rests on 480 concrete pillars, each extending 16 meters into the ground. The exterior walls are 30 centimeters thick and made of reinforced concrete. The server rooms are surrounded by 3 concrete walls. This design provides effective protection against storms or a small-airplane crash.

Data privacy SAP helps ensure compliance with data protection provisions. Data from cloud customers falls under the jurisdiction selected by the customer and is not forwarded to third parties. SAP support services help ensure that data protection is maintained during required maintenance operations.

Back-up Backups are carried out in the form of a disk-to-disk copy, which enables rapid data creation and recovery. In addition to full back-ups done on a daily basis, interim backup versions are created several times per day and are then archived, like all backups, at a second location for security purposes.

CHECKSAn overview of the most important checks is pro-vided below.

Continual ChecksDatabases and servers are routinely checked in real time to ensure that they operate properly.

Batteries for the emergency power supply must be charged and ready for use. Thus, the condition of batteries is continuously tested. If a battery’s maximum capacity decreases excessively, it is re-placed.

Gas cylinders containing the INERGEN fire-extinguishing gas must maintain a specific levelof pressure. An electronic pressure gauge on each gas cylinder electronically transmits deviations from the standard value to the central gas distribution facility.

MonthlyThe diesel engines are started automatically once per month to perform a full load test.

Every Three MonthsAn aspirating smoke detector (ASD) emits a pre-liminary alarm to the security department upon the slightest sign of fire or smoke. A second fire detector then emits a piercing alarm in the event of an emergency. An external company performs tests every three months using a smoke device to determine whether the ASD and fire detectors are active and functioning as expected.

Every Six MonthsThe diesel engines’ switch control panels are checked twice annually by an external company. The inspection ensures that in a power outage, the switchover functions as expected and that power is supplied to the servers.

© 2020 SAP SE or an SAP affiliate company. All rights reserved.

5 / 5

© 2020 SAP SE or an SAP affiliate company. All rights reserved.

Every YearDoors, windows, and ventilation systems are inspected annually. The door check verifies what types of door locks (toggle locks or deadbolt locks) are used and whether they comply with the standard. In addition, doors may not remain open beyond a specified time. During the inspection, a door is left open to see if an alarm is triggered as per the standard.

Further checks inspects the data center’s “black box” according to the international certification standard. It checks the video recordings made over the last 365 days to determine if doors were opened only for authorized individuals. Inspectors refer to this as a “door effectiveness” check.

Access authorization: Records from log files,card scanners, and duty rosters of the security service are checked. Some of the items on the checklist include how the security service organizes its 24-hour surveillance, how access cards are issued, and how the approval process is conducted.

For the “black-building” test, a power outage is simulated annually. The external power supply is cut off, so that the emergency power supply is actuated. This procedure ensures that the batter-ies can bridge the power failure as expected, the diesel motors start up automatically, and an ex-tended supply of electricity is provided. This test is conducted and recorded by the data center op-erator.

The assigned installation company regularly services the fire-extinguishing system and generates re-ports on the operability of sensors, for example, for any possible gas emissions.

An external company inspects construction mea-sures along with the engineering and architectural blueprints. This ensures that construction workon the data center does not damage a critical power cable due to improper or careless installa-tion, for example. SAP submits the engineering and architectural blueprints to auditors once annually.

Fire protection: Ceilings, walls, and doors in the data center must provide 90 minutes of fire resis-tance, according to the T90 and F90 classifica-tions for fire resistance. This capability is reviewed using construction plans and a physical inspection of the premises.

Air-conditioning system and temperature: As part of the annual inspection, the mainte-nance records of the electrical systems and room temperature reports is checked.

© 2020 SAP SE or an SAP affi liate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affi liate company.

The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifi cations may vary.

These materials are provided by SAP SE or an SAP affi liate company for informational purposes only, without representation or warranty of any kind, and SAP or its affi liated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affi liate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affi liated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affi liated companies’ strategy and possible future developments, products, and/or platforms, directions, and functionality are all subject to change and may be changed by SAP SE or its affi liated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to diff er materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they should not be relied upon in making purchasing decisions.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affi liate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.

See www.sap.com/copyright for additional trademark information and notices.

51309enUS (17/05)

www.sap.com/contactsap

Follow us