At oXya, cybersecurity is a cornerstone of our strategy. We are dedicated to ensuring secure services and protecting your systems around the clock.
Our Commitment
oXya is devoted to maintaining the integrity, confidentiality, and availability of your data 24/7, with comprehensive traceability for all operations. We adhere to stringent cybersecurity policies and processes that comply with ISO 27001 and other industry standards, including those from the French cybersecurity agency (ANSSI).
“Leveraging our SAP expertise, we integrate cybersecurity into every facet of our operations. Additionally, we have established key partnerships with leading cybersecurity organizations that are also closely aligned with SAP,”
says Emmanuel Dupont, CISO of oXya.
End-to-End Security by oXya
With ISO 27001 oXya has implemented a robust cybersecurity governance framework through our Information Security Management System (ISMS). This framework incorporates GDPR requirements and various industry standards and regulations.
Comprehensive Security Solutions
As a provider of managed services and cloud solutions, oXya employs a multi-layered approach to ensure the security of our services (oXya Delivery).
Identity and Access Management
oXya enforces a robust identity and access management policy, utilizing top-tier solutions:
- Privileged Access Management by utilizing CyberArk complete action traceability and enforcement on administrator workstations and customer systems.
- Identity & Access Management by employing multi-factor authentication (MFA) for accessing all internal software.
- Identity & Access Governance in ensuring least privilege and need-to-know principles.
- Identity & Access Security by regularly monitoring the oXya Active Directory in line with Microsoft’s security best practices.
Network security
Our network security strategy combines next-generation firewalls (NextGenFW) with DDoS and Web Application Firewall (WAF) protections.
Each customer system is safeguarded by its own firewall and is isolated from other network traffic, regardless of the cloud solution used.
Threat Detection and Response
XDR strategy
Implements an XDR solution integrating EDR/NDR/SIEM/SOAR, managed by an SOC capable of detecting and blocking cyberattacks 24/7.
CSIRP strategy
Includes a Cybersecurity Incident Response Plan (CSIRP) for swift, coordinated responses to cyber threats.
Data center security
oXya owns data centers globally where we host SAP systems. We employ rigorous measures to ensure their security, including:
- Strict physical access controls are implemented for these critical areas, including two-factor authentication and access granted only on an “as-needed” basis.
- 24/7 CCTV monitoring and alarm systems.
- Protection against environmental and external threats.
Security training and awareness
We conduct annual Security and Privacy training and awareness campaigns to ensure all employees are dedicated to upholding security best practices in their daily tasks, including regular webinars on our cybersecurity incident response plan (CSIRP).
Employees also undergo phishing simulations to enhance their ability to identify and report threats.
Support for Secure Systems
With our SAP expertise and strategic partnerships, oXya supports customers in securing their critical environments, wherever they may be.
Included Services
Threat prevention
Through a strategic partnership with a leading cybersecurity provider, oXya integrates SAP vulnerabilities into its management system, offering a holistic view of the vulnerability status within a single console. Our automated, standards-based solution facilitates flexible and secure patch management, aligned with our customers’ business needs.
Virus Protection
oXya employs antivirus software from Trend Micro, a certified SAP partner. We configure various settings to safeguard both our internal systems and those of our clients, ensuring robust protection across different environments, including SAP.
Additional Security Services
oXya provides a range of optional services customized to meet your specific needs:
- Trend Micro Virtual Patching
- Managed EDR + SOC
- Penetration Testing: Available upon request, we can conduct penetration tests on customer environments to evaluate system security.
- SAP NetWeaver Security Module
Disclaimer
This page outlines oXyas cybersecurity management principles for informational purposes and is not contractually binding. The security of our services is governed exclusively by the terms outlined in customer contracts.