
Cloud - but secure

More and more companies are turning to cloud solutions. In Germany, there are still security concerns. The termination of the Safe Harbor agreement between the USA and the EU is adding to this. With the appropriate know-how, companies can protect their data well.
E-3 Magazine
December 4, 2015
This text has been automatically translated from German to English.

German SMEs are reluctant to put their valuable ERP data in the cloud. The concerns about unauthorized access, which could lead to competitors gaining access to business-critical data, are too great. This is why many software service providers often offer on-premise solutions in addition to cloud-based solutions.

"The topic of the cloud still has a negative image in Germany in general, although many companies took the first step into the cloud a long time ago by outsourcing"

notes Nikolaj Schmitz, CIO at G.I.B.

Private, public and hybrid cloud

Large companies in particular have been relying on data center services for many years. However, a distinction must be made, because not all clouds are the same.

In the case of a private cloud, each customer is provided with dedicated ERP systems. They alone have exclusive access to their quasi-private system.

"As long as we are talking about the private cloud, I don't see any major difference to classic outsourcing, apart from the additional provisioning options"

says IT expert Schmitz.

The situation is different with the public cloud. Here, a large number of users have access to standardized applications that are used, for example, for travel expense accounting, event or talent management, i.e. all users share one system.

The disadvantage of the public cloud is that it generally cannot be used to map complex, highly customer-specific processes such as those in the logistics sector. If, for example, when posting goods receipts for subcontracting orders, feedback is to be provided on the production order process that caused it, standard applications are usually unable to do this.

Applications in the public cloud are therefore often only used as a supplement to existing IT systems so that such additional applications do not have to be laboriously implemented in the on-premise system. In this case, we speak of a hybrid cloud.

Consequences of the Safe Harbor ruling

Whether public, private or hybrid, the outsourcing of data is associated with certain risks. To minimize these risks, the EU issued a data protection directive in 2000.

The EU concluded the so-called Safe Harbor Agreement with the USA, in which the United States agreed to recognize the provisions of the Directive.

The European Court of Justice (ECJ) has now declared this agreement invalid, which is proof that data on US servers does not meet the EU's security standards.

"Currently, US providers are obliged to grant the investigating authorities access to their customers' data"

Schmitz explains.

This is the case even if the servers of American companies are located in other European countries.

The IT expert therefore advises using German providers when outsourcing data. Data centers in the vicinity of Europe also generally offer sufficient protection for outsourced data.

However, this does not exempt companies from the need to carry out a comprehensive review of the security certifications of a cloud provider or data center. These certifications must be checked in regular audits by external bodies.

Security for the data line

However, the risk of unauthorized access to internal company information lies not only in data storage, but also in data management.

"Encryption in data transmission is the be-all and end-all"

says IT manager Schmitz.

This area has developed considerably in recent years. For example, the long-used SSL protocol is currently being replaced by TLS. TLS is essentially a further development of SSL that closes known security gaps.

Another advantage of TLS is that any higher-level protocol can be implemented on top of it. This keeps the protocol independent of particular applications and systems.

Companies also use VPN tunnels to ensure the secure transfer of their sensitive data between their own IT infrastructure and external service providers.

However, the option offered by some providers that data should not leave the German part of the Internet goes too far for Schmitz.

"In my view, this partly contradicts the basic idea of the Internet"

says the IT expert. In any case, this territorial thinking is unlikely to be a solution for companies that are expanding internationally in an increasingly global business world.

Risks with web applications

Companies that are expanding their business to other countries are particularly reliant on networking their operating sites abroad and providing their employees with uncomplicated and fast access to important information.

To do this, they rely on web applications that can be used by a large number of users located all over the world on different end devices.

"Many companies can no longer manage without web applications"

Schmitz notes.

They are often used, for example, to provide service and support for customers or to connect suppliers to ERP systems. Security measures are also in place here, from encryption and the use of firewalls to access monitoring, which minimize the risk of a hack.

In addition, various external auditors offer their services to put the security of such systems through their paces, sometimes using hacker methods.

However, the wide variety of end devices used for web applications is particularly tricky.

"But even in this environment, there are solutions that enable centralized and transparent management"

Schmitz explains.

For example, uniform security settings can be rolled out from a central location for all end devices in use.

In addition, companies also rely on VPN tunnels or encrypt end device access to the internal web application. Logging on to internal systems is also usually secured with a multi-level authentication process.

Saving at the wrong end

G.I.B also uses the outsourcing solutions of a partner with proven expertise in IT security issues for its Dispo-Cockpit Forecast and Dispo-Cockpit Vendor Managed Inventory software solutions.

The G.I.B web applications are accessed exclusively via encrypted connections.

"Furthermore, access to the applications is reduced to the required minimum via appropriate firewalls"

explains Schmitz.

All access is also monitored in order to quickly identify attacks and initiate countermeasures.

Of course, there is no such thing as 100 percent protection, and a high level of protection such as that provided by G.I.B involves some effort and the corresponding costs.

However, it is not advisable to skimp on security measures, as the loss or misuse of data is likely to be much more expensive - not to mention the trust that business partners quickly lose in a company that does not offer adequate data security.
