Understanding SAP's Security Approach (Episode 2 of 5)
In this session we will explain SAP's approach to providing secure products and secure cloud services to our customers. You will be introduced to SAP’s security development lifecycle and our cloud security and security certification approach. We will also explain the guiding principles for SAP’s secure development and the components of our end-to-end cloud security protection. Finally, you will learn how security requirements and standards for secure operations are embedded into the innovation lifecycle at SAP following a risk-based approach based on ISO 27001 and 27034.
Gerold Huebner, Chief Product Security Officer,SAP SE
Gerold Huebner, chief product security officer (CPSO) at SAP SE, owns SAP’s product security strategy and is the legal advisor for assuring the right data protection functionalities in SAP applications. He authoritatively drives the security development lifecycle processes at SAP across all development units.
In his role as CPSO, Huebner is leading the SAP Global Product Security team, which is responsible for all aspects of developing secure applications, topics including SAP’s internal product standard for security, static and dynamic code analysis and security testing practices, security awareness and security development training, security research, and security response.
Huebner is a member of the board of directors at SAFECode, an international industry cooperation driving best practices for secure product development.
Huebner’s accomplishments before SAP include 11 years with Microsoft in numerous strategic engagements. Within the Corporate Trustworthy Computing team, he represented the company internationally as a government security director.
Before joining Microsoft Huebner was the data protection supervisor for the state of Baden-Wuerttemberg in Germany. He has a degree in law and has specialized in data protection and security.
Ralph Salomon, Vice President, Secure Operations, SAP SE
Ralph Salomon, vice president, secure operations at SAP, is an award-winning senior executive with huge expertise in IT and cloud security. He has been with SAP for 11 years, during which time he built up the global SAP Cloud and IT Security team covering IT security, security incident management, cybersecurity, security monitoring center, process management, and internal control systems. He also took responsibility for operations security governance for cloud services from SAP (such as the SAP HANA Enterprise Cloud service, SAP SuccessFactors solutions, SAP Ariba solutions, and SAP Hybris solutions) in 2014. In 2015, he took over acting responsibility for global physical security and acted as co-chief security officer of SAP.
Before his career at SAP, Salomon was general manager and manager at KPMG in the area of information risk management with a focus on IT security, quality and risk management, and compliance.
Salomon has earned the IT Security Strategy Award 2012, the Ovum BYOX Strategy Award 2013, the CSO40 Award 2014, the BMC Security Innovation Award 2014 in the category "Effective Compliance," the IT Security Award 2015 in the category "Cloud Security," and the CSO50 Award 2016.