Here at oXya, cybersecurity is one of our key strategic pillars. At the core of our mission is a commitment to provide secure services and to protect your systems on a daily basis.
A priority for oXya
oXya guarantees the integrity, confidentiality, and availability of your data 24/7, with full traceability of all our operations on your systems. To uphold that promise, we have implemented a set of cybersecurity policies and processes that meet the requirements set by ISO 27001 and other recognized security references, such as the French cybersecurity agency (ANSSI).
“Drawing on our SAP expertise, we are able to integrate cybersecurity into the core of all our processes. In addition, oXya has developed special partnerships with recognized cybersecurity stakeholders who are benchmark organizations in their respective segments, and have strong ties to SAP themselves,” explained Emmanuel Dupont, CISO, oXya.
oXya, end-to-end security
Holding ISO 27001 certification, oXya has set up a cybersecurity governance framework in the form of its Information Security Management System (ISMS). It incorporates the legal obligations of the GDPR, along with controls taken from several standards and regulations that are applied by its customers.
Secure services and solutions to manage your systems
As a supplier of managed services and cloud solutions, oXya uses a multi-layered strategy to guarantee the security of its services (oXya Delivery).
Identity and Access Management
oXya has a strict identity and access management policy, using best-in-class solutions:
- Privileged Access Management with CyberArk for full traceability of all actions performed, while enforcing for administrator workstations and customer systems.
- Identity & Access Management with multi-factor authentication (MFA) for accessing all in-house software.
- Identity & Access Governance to guarantee the least privilege and need-to-know principles.
- Identity & Access Security with constant monitoring of the oXya Active Directory, which itself complies with the security best practices drawn up by Microsoft.
The network is the backbone in our fight against cybersecurity threats. Our strategy combines next-generation firewalls (NextGenFW) and DDoS and WAF (Web Application Firewall) protection.
Network segregation means that each customer system managed by oXya is protected by its own firewall and separated from the rest of the network, whichever Cloud solution is being used.
Threat detection and response
oXya has deployed an XDR solution based on a combination of EDR/NDR/SIEM/SOAR and run by an SOC capable of detecting and – if necessary – blocking all attempted cyberattacks, 24/7.
This approach is supplemented by a cybersecurity incident response plan (CSIRP) for oXya teams, which outlines a rapid, coordinated response in the event of a cyberattack.
Data center security
oXya owns data centers, including two in France, where the SAP systems of some of its customers are hosted. Numerous measures are in place to guarantee the security of those data centers, such as:
- Stringent physical access controls for these critical areas: two-factor authentication and authorized access on an “as-needed” basis.
- 24/7 CCTV at access points and inside.
- Alarm system.
oXya data centers are also protected against environmental and external threats.
Security training and awareness
oXya runs Security and Privacy training and awareness campaigns every year to make sure all employees are committed to applying security best practices in their day-to-day work. oXya in-house webinars are scheduled on a regular basis to provide training in the cybersecurity incident response plan (CSIRP).
oXya employees are also given phishing simulations that train them to recognize and report phishing attempts.
Support to make your systems secure
Through its SAP expertise and privileged partnerships, oXya also provides support to its customers to help them guarantee the security of their critical environments, wherever they are.
Services included in oXya’s “all inclusive” package
A unique partnership with a recognized cybersecurity provider means oXya is able to integrate SAP vulnerabilities into its vulnerability management system and obtain a 360° view of the vulnerability status of an SAP system within a single console. An automated solution, based on market standards, allows for flexible and secure patch management, taking into account its customers’ business imperatives.
Fight against computer viruses
oXya has opted for the anti-virus software produced by Trend Micro, an SAP-certified partner, and has created a multitude of settings for all types of environments, including SAP, to protect both its in-house systems and those of its customers.
Optional security services
oXya offers a set of supplementary services tailored to your needs and expectations:
- Trend Micro Virtual Patching
- Managed EDR + SOC
- Penetration testing: on request, oXya can perform penetration tests on customer environments to assess the system’s security.
- SAP NetWeaver optional security module.
This page describes the security management principles at oXya. These principles are provided for information and are not contractually binding. The security of the services provided to oXya customers is exclusively governed by requirements laid down in a contract with the customer.