What the SOC?! Clarifying the Audit Certificate Chain and Shared Responsibility

Key Takeaways

⇨ Effective management of responsibilities and trust relationships is vital in the cloud environment

⇨ Collaboration with cloud providers and central controls enhance security and compliance

⇨ The role of third-party auditors and their varying experience with cloud landscapes can impact processes

With a move to the cloud, more responsibilities are offloaded to other service providers, both directly and indirectly. For public cloud, this turns into multiple layers of responsibility across multiple parties, both within SAP and down to the cloud provider, further complicating trust relationships. Contractual and regulatory obligations bind the parties, while third-party audits for ISO, SOC, and PCI-DSS attest that security controls are in place and adhered to.

  • This talk will show how the multiple layers of responsibility are managed within SAP through central controls and compliance tracking for services provided by SAP Global Security, internal platform and infrastructure, and the solution teams, as well as how that extends into the cloud providers.
  • It will cover the role of third-party auditors for the different parties, their varying levels of experience with cloud landscapes, and the cloud maturity of the audit standards, and how these can complicate processes.
  • It will also show how the combination of technical controls, brand reputation, economic interest, and legal practicalities further strengthens the security controls protecting customer data.
