Best Practice 5.1 – Define security roles and responsibilities - SAP Lens

By defining the requirements to secure your SAP workloads, you can identify risks that must be addressed and ensure that security-related roles and responsibilities are appropriately assigned. The suggestions below discuss the standards for AWS, SAP, and any service providers that form a baseline on which you can build your security strategy.

Suggestion 5.1.1 - Understand the AWS shared responsibility model

AWS is responsible for security of the cloud and you, as the customer, are responsible for security in the cloud. Be aware of and understand the following resources:

Understand the division of responsibilities between you and your partners in the context of the AWS shared responsibility model.

Suggestion 5.1.2 - Understand the security foundations across SAP and AWS including compliance certificates, reports, and attestations

Understand the security standards and compliance certifications that SAP and AWS support. Determine which are relevant to your industry and country (for example, PCI-DSS, GDPR, HIPAA). These controls can help strengthen your own compliance and certification programs, and reduce the effort required to meet your security standards.

Refer to the SAP and AWS documentation for more details.

Suggestion 5.1.3 - Assess the security foundation of the service providers that support your SAP workload

If you are dependent on third-party organizations to manage all or part of your SAP workload, assess the ability of the third party to meet the required security controls. This includes the legal and regulatory requirements mandated by your enterprise.