IT security is a very important topic in almost any organization. Newspapers frequently report new IT security incidents such as hacked websites, successful Denial-of-Service attacks, and stolen user data such as passwords, bank account numbers and other sensitive data. Aside from the publicly reported attacks, there is also a large number of incidents that are not reported to the public. In particular, these cases are often related to espionage, where the affected party has no interest in reporting an incident.
Security experts all agree that, to protect sensitive data, an organization must have a comprehensive security concept in place that takes into account all eventualities that can potentially lead to security risks. This starts with properly set up policies, such as a password policy and data protection policies for users and system administrators, continues with a protected IT environment using, for example, firewalls, VPNs and SSL in communication protocols, and ends with hardened servers, intrusion detection systems, data encryption and automated security reporting. Additionally, many organizations perform security audits on a regular basis in order to constantly guarantee a maximum of security in their IT environment.
Comprehensive security concepts usually pay close attention to database systems, since databases are among the most critical pieces of any IT environment. Database systems that potentially store sensitive data are naturally very popular targets for hackers. Therefore, they need special protection.
The SAP HANA database typically stores business-related information, and very often this information can be considered critical. In particular, this is the case for ERP systems using SAP HANA as their database. Many other SAP applications using HANA, like BW systems, might also store sensitive data in the database.
SAP pays close attention to security. For SAP HANA, a comprehensive security guide is available that describes in detail how to protect HANA from a database perspective. The guide also refers to security concepts for other connecting layers that are separate from the HANA database, for example the network and storage layers. However, these topics are described very generically, and there is no specific guidance on how to apply these recommendations, for example at the Operating System level.
At least as important as the security of the HANA database is the security of the underlying Operating System. Many hacker attacks target the Operating System rather than the database directly. Once a hacker has gained access and sufficient privileges, he can continue to attack the running database application.
SUSE Linux Enterprise Server is the recommended and supported Operating System for SAP HANA. SUSE has a long history in IT security for Linux Operating Systems and offers a comprehensive security package for SUSE Linux Enterprise Server to protect systems from all kinds of security incidents. This package consists of the following components:
To further improve the security standard specifically for HANA, SUSE is currently developing a guide dedicated to the security hardening of SUSE Linux Enterprise Server 11 running SAP HANA databases. It is meant to fill the gap between the generic SLES security guide and the HANA security guide. SUSE is working with a large pilot customer to identify all relevant security settings and avoid problems in real-world scenarios. SUSE is also working with SAP to validate the hardening settings and to provide the best compatibility with HANA.
The guide will provide detailed descriptions on the following topics:
All in all, this guide will cover in detail all important topics for the OS hardening of an SAP HANA system. Together with the other security features of SUSE Linux Enterprise Server 11, such as the security certifications (CGL, FIPS, EAL4+) and the constantly provided security updates and patches, HANA can run in a very secure environment, meeting the highest security standards and fitting into the corporate security concepts of organizations of all sizes.
The guide for the security hardening of SUSE Linux Enterprise Server 11 running SAP HANA databases is in the final development stage and will be available in early Q2 2014. Comments and feedback are welcome, so feel free to post them here. I will post a blog with the guide on SCN once it is publicly available.