Security and data protection is becoming more important with changing regional law requirements such as the European Union’s General Data Protection Regulation (GDPR) and the Chinese Cybersecurity Law. Learn how to use SAP Hybris Commerce solutions to tackle these growing requirements step by step. Get insights on new features in SAP Hybris Commerce and SAP Hybris Commerce Cloud to address security, data protection, and privacy requirements, as well as strategy improvements in development. For more about SAP Hybris, please visit us at: https://hybris.com/en/products/commerce

1. PUBLIC
Andreas Hauke
October,2017
Address Evolving Security Challenges in
Commerce

2. 2PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
“Security is disruptive by definition”
Security as main challenge for the industry

3. 3PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
“New regulations like GDPR or the Chinese
Cyber Security law forces companies all
over the industries to rethink their approach.
Also the technology shifts are influencing
the view on security”
Why security?

4. 4PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
How to tackle security with an overall approach – Secure SDL

5. 5PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
A typical Commerce scenario
Consumer
interacts with the
Storefront
Orders
processed in
Commerce
Data is persisted
in DB
Admin / Product- or
Content Manager
uses Commerce
Backoffice
UI handles the
interaction
{y}

6. 6PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Features in Commerce to support security
Authentication Authorization Encryption Advanced security settings
§ High security password
storage using PBKF2 (NIST
proofed)
§ SSO with SAML and other
protocols
§ MFA via SAP Cloud Platform
Identity Authentication
§ Business roles in Backoffice
§ OAuth2 for headless
Commerce (protection for
REST service)
§ Permission services
framework
§ TLS everywhere
§ Transparent Attribute
Encryption
§ DBs, e.g. Hana, support
Encryption
§ Advanced Security Filters, e.g.
to protect against clickjacking
§ Output encoding libaries
shipped with platform
§ Advanced security settings in
Tomcat for security headers

7. 7PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Features in Commerce to support data protection
Consent Loggingof changes Transparency Data portability
§ Consent management in the
storefront for registered and
anonymous users
§ Audit logging of changes to
attributes containing PII
together with advanced
reporting functionality in
Backoffice (Future Release)
§ Data annotation framework
§ Advanced reporting
functionality for PII in
Backoffice (Future Release)
§ Impex
§ OCC - REST APIs

8. 8PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Where to get help? – help.hybris.com

9. 9PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
“Security must be not a burden in
development and operations. It should be
integrated in the normal software lifecycle
using methodologies and automation”
Blameless security

10. 10PUBLIC© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ
QUESTIONS
COMMENTS
FEEDBACK
It is your turn