๐Ÿ™‹ Support and IT Services
      Back to home
      1. Help Center
      2. Best Practices and FAQ
      3. ๐Ÿ™‹ Support and IT Services

      How does Semos Cloud Protect Customer Data?

      It is a cultural and organizational matter where all Semos Cloud employees need to be aware of and embrace security needs.

      Security is everyoneโ€™s job at Semos Cloud.  Developers, service engineers, and program and product managers must understand security basics, threats, common vulnerabilities, attack patterns and know how to build security into software to make products more secure while still addressing business needs and delivering user value.

      For architects and developers, security training provides knowledge about how to design secure software and how to write secure code. Developers and quality assurance engineers learn about proper security test methods and tools.  Effective training will complement and re-enforce security policies, SDL practices, standards, and requirements of software security, and be guided by insights derived through data or newly available technical capabilities.

      In details we provide:

      • 2,000+ experts in security and compliance in our staff combined between SAP Business Technology Platform and Semos Cloud
      • Regular penetration testing of service, vulnerability of application tested by 3rd party quarterly.
      • Static code scans and dynamic application security testing (DAST) as part of the risk-based security plan 
      • GDPR โ€“ EU Hosted, EU Supported - ISO 27001/17/18, BS10012, SOC 2, BS C5
      • TLS 1.2 256-bit encryption in-transit and AES-256 bit encryption at rest
      • Semos Cloud is a premium certified partner and runs natively on the SAP Business Technology Platform
      • SAP spends โ‚ฌ500 million yearly for data protection and security audits/protection on the platform we use.

      Itโ€™s important to remember that not everyone needs to be a security expert nor strive to become a proficient penetration tester. However, ensuring everyone understands the attackerโ€™s perspective, their goals, and the art of the possible will help capture the attention of everyone and raise the collective knowledge bar.  Therefore, security awareness and regular role-specific trainings are mandatory for all roles contributing to the creation and maintenance of our software products.

       

      If this article left your questions unanswered, please submit a Support Form, and we can clarify this topic.