Whether the foe is fire, data breach, or hardware defect, data centers must be protected against many hazards. A series of quality seals and certificates shows exactly how compliant a given data center is with all the necessary security precautions. The following description is based on the example of the data center in St. Leon-Rot.
SAP ensures that the same or equivalent certificates are valid at every data center where cloud solutions are run.
Data centers are sensitive entities that are exposed to hazards on many fronts. Imagine that all your data was suddenly lost because of a hardware malfunction. For most users and data center operators, this would represent a tremendous loss. For some, it would even spell their demise.
However, there’s no need to assume the worst right away. Location alone can make a data center secure or not. For example, a nearby stream could pose a risk of flooding. Unauthorized access could cause accidental or intentional damage. And equipment-related defects could result in failures and downtimes.
Germany’s Federal Office for Information Security (BSI) has listed various hazard categories in its manuals for basic IT security. Data centers would be well-advised to take the appropriate preventive measures, for example against:
- Force majeure, for example, flooding, fire, and lightning;
- Organizational defects, such as sloppy or inadequate access rules for areas requiring security;
- Technical failure, like a failure of the power supply or security equipment;
- Deliberate acts, including theft, unauthorized entry, or sabotage.
In the same way that cars in Germany require a TÜV inspection for roadworthiness at certain, pre-determined intervals, data centers should also have to demonstrate their operation-worthiness. Ultimately, this benefits both data center operators and users.
For example, data center operators would do well to understand that operating their technical equipment, associated systems, and data in a proper environment has a direct bearing on their economic existence. And users want to be able to count on the fact that their data is stored in a safe and protected manner. In particular, data centers that function as outsourcing service providers with responsibility for their customers’ data are obligated to maintain high security standards.
Certifications help to objectively identify and professionally evaluate security risks.
To do so, the security level of a given IT infrastructure is systematically examined using a variety of assessment criteria. If the data center passes the inspection, the operator is provided with a conformity document, usually in the form of a certificate, stating that it is operating its facility securely and reliably based on the latest technology.
Behind every certification, there is an inspection of certain parameters or criteria. For example, an inspection might test power supply, availability, or regulatory compliance (such as with the German Digital Signature Act). The significance of any given certificate is only as strong as the requirements outlined by the certification or attestation organization and the institution that performs the inspection.
Besides evaluating data center security, cloud providers are also interested in protecting their software and operations. Once the security of these two realms is assured, then customers can entrust their needs and data to the service providers.
Many certification organizations perform their inspections in accordance with various standards. Multiple auditing firms conduct audits based on national and international standards, such as ISO 27001, SOC 1/SSAE 16 and SOC 2. The SAP data center is also audited according to these standards. Once the audit is successfully passed, the data centers receive a certificate or attestation report verifying their compliance with the respective standard.
Workshop with the auditors to discuss the content of the test.
Examination of documents: The company seeking certification provides documents that include details of the processes.
On-site inspection: Auditors conduct an on-site inspection of technology, processes, and number according to a standardized checklist.
Final report: This includes detailed information on the areas that were inspected and what deficiencies need to be corrected.
Presentation of the certificate: The institution confirms that the data center has been certified according to the requirements of the auditors.