Saba Cloud Security


The Saba-safety program provides a comprehensive assessment procedure in which the successful implementation of cross-industry practices is the focus. Saba not only ensures safety during system development, but also for compliance with data protection regulations. To be able to handle personal data safely and in accordance with the privacy requirements of your customers, keep, delete and transfer.


Saba Security Council

The Security Council Provides a consensus-based forum to support the Vice President of Information Services and Chief Information Security Officer to collaborate on:


  1. Identifying high-priority security and identity management initiatives; and
  2. Developing recommendations for policies, procedures and standards to address Those initiatives did enhance the security posture and protection afforded to Saba and its customer networks, information and information systems; and
  3. Evaluating compliance with existing regulatory and customer requirements (Safe Harbor, FISMA-Moderate, and other geographic / vertical requirements).


The Security Council is a consensus-based forum that supports the Vice President of Information Services and Chief Information Security Officer in the following areas:


  1. Establishing urgent safety initiatives and initiatives for identity management
  2. Recommendations with respect to policies, procedures and standards for these initiatives to increase the security that is provided to the customer networks and information systems of Saba
  3. Assessing the fulfillment of legal and customer requirements (Safe Harbor Statement, FISMA-Moderate, etc.)


System and data access control 

Sabas security model restricts access to systems and data on the basis of fixed duty separation (segregation of duties, SoD) and responsibilities (RACI) and on a need-to-know basis. The logical access to Saba-cloud systems is limited by means of security policies and procedures, two-factor authentication with unique username / passwords and special privileges on the local host. To access accounts of system administrators (root account) are pre-defined "Alias ​​accounts" required. Due to the standardized data classification of access to customer information only on systems is possible, which have been authorized by Saba.


Network Security 

The network security is ensured by multi-layer firewalls, a modern network design and network segmentation. Filter-tolerant firewalls traffic between Web, application and data levels. Firewalls support stateful packet inspection, deletion of abnormal packets, protection against denial of service attacks, spoofing monitoring and virus filters. Saba networks are designed for VLAN and subnet segmentation, port restrictions, access control lists and address and port translation. All physical connections are configured in a highly available mesh topology, each system and each service are at least two communication routes. This topology data integrity and data flow in all networks are ensured. Saba firewalls are configured according to the guidelines of the National Institute of Standards and Technology (NIST), and to all terminals with the most stringent policies are enforced. All safety devices and firewalls are monitored around the clock. The monitoring programs trigger alerts when defined thresholds are exceeded.


Overview of data centers

The Saba cloud data centers in North America and EMEA are "SSAE-16 / AT101 Type II" approved, "Safe Harbor" - and either "FISMA-Moderate" - or "ISO 27001" -certified. Our Asia-Pacific data center has the accreditation AS / NZS 7799.2: 2003 standard. Additional functions for the strict legal requirements are available.


Environmental precautions

All data centers are equipped with redundant high-density power supply, as well as automated and monitored plant control. The generating sets of all data centers are regularly tested and maintained by several fuel suppliers, so that the operation is ensured even in the event of a disaster.


Physical security

Physical access to Saba datacenters subject to strict controls and is limited to authorized employees and multilayered identity management systems. The access to the facilities and to the vault and cage areas is controlled by biometric and identification systems cardkey with approved customer lists and specified logon and logoff process. All servers and physical infrastructures are in closed racks. Access to the Saba People Cloud servers is only authorized personnel allowed.


Penetration Test 

Saba makes along with a third-party black box safety assessments of the main domain and attached hosts. These include a scan SQA (Software Quality Assurance) using the Saba web application and a network penetration test.


Web Application Scanning

As part of the system development Saba first performs a scan using the Qualys Web Application Scanning (WAS) supported by the solution of a third party (Vera Code) is validated. Vera code performs dynamic and static code analysis. The scan with Qualys and Veracode is geared towards the following points: 

  • Cross-site scripting
  • Introduction of SQL commands
  • Session Management
  • Introduction of operating system commands
  • Directory Traversal



The Saba team consists of Certified Systems Engineers, Cisco Certified Network Associates (CCNAs), Certified Information Systems Security Professionals (CISSPs) and technicians who have been trained on various infrastructure and system software products and / or tested.



Saba puts the design and operation of Saba cloud infrastructure and services, great value on security checks. The Information Security enjoys at Saba still highest priority, and we have achieved our goal to provide our customers the most efficient and safe services. Saba can check these security controls regularly independently. If you want more information, please contact your Account Executive or send an email to