When you look at security and data privacy investments from a business perspective, what are the most common challenges faced today? First and foremost, the costs for security operations and security management are on most people’s minds. The growing number of privacy and data protection regulations only increase the pressure here.
This is why the new SPS 04 release of SAP HANA 2.0 provides important enhancements addressing these challenges:
- Data anonymization KPIs increase transparency for decision makers when assessing anonymization scenarios, easy-to-understand new controls simplify the setup of anonymization views, and l-diversity enhances the k-anonymity method
- Audit retention policies let you specify a retention period after which audit log entries are automatically deleted
- Simplified authorization troubleshooting gets SAP HANA users up and running again quickly and with less administrative overhead
These new features fit seamlessly into SAP HANA’s
comprehensive security framework which enables businesses to innovate with confidence: with secure access to data and applications, a secure setup, and software that is resilient against attacks.
Data anonymization extensions
SAP HANA data anonymization, which was
introduced with SAP HANA 2.0 SPS 03, allows you to get analytical insights from data while protecting the privacy of individuals.
With the new release, SAP HANA introduces anonymization KPIs that help decision makers to assess critical variables for risk and utility. This makes it easier to achieve the right balance between the goals of protecting data privacy while ensuring that the anonymized data remains useful.
Real-time data anonymization was released with two anonymization methods: differential privacy and k-anonymity. Now l-diversity has been added, which is an extension to k-anonymity and provides additional protection for data sets with homogeneous sensitive attributes.
The setup of k-anonymity has also been simplified with the automation of generating hierarchies for generalizing quasi-identifying attributes, and data scientist can now control additional parameters when setting up anonymization views.
And finally, SQL views are now supported for data anonymization – previously only calculation views were available.
Need more information? Check out Stephan Kessler's blog on how to
Anonymize like a Rock Star!
Find more information on our anonymization web page at
http://www.sap.com/data-anonymization, read about an anonymization show case in this
blog, and review the
documentation.
Audit retention policies
Fine-tuned retention management is an important building block for compliance. You can now specify a retention period after which audit log entries of individual audit policies will be automatically deleted.
But compliance requirements are not the only reason why you might want to delete audit log entries: you can of course also use this new functionality to free up database space, delete audit log entries that simply are no longer needed.
The new audit configuration wizard in the SAP HANA cockpit makes it much easier to set up audit policies and to specify settings like the audit retention period.
For more information on audit log management, have a look at our
documentation.
Simplified authorization troubleshooting
Authorization is a cornerstone of controlled access in SAP HANA. Defining authorization concepts requires careful thought and consideration. If authorization errors occur in either the test or productive landscape, they need to be quickly resolved so that users can access the database objects they require. The new authorization troubleshooting features introduced in SAP HANA 2.0 SPS 04 aim to simplify troubleshooting by adding two new techniques.
Authorization error collection - Collect all authorization errors over a configurable amount of time with no need to enable additional tracing. Use a built-in procedure to retrieve information about a missing end-user privilege by means of an error ID.
For more information about resolving insufficient privilege errors, check out the
documentation.
Authorization Dependency Viewer in the SAP HANA cockpit - Visualize the object privilege hierarchy and troubleshoot missing privileges.
Stay tuned for an upcoming blog on the Authorization Dependency Viewer in the SAP HANA cockpit!
What else?
These are just the security highlights for SAP HANA 2.0 SPS 04, but there is much more:
- SAP HANA cockpit’s new security checklist makes it easy to review the most important security settings
- Column encryption provides new key rotation options and support for additional operations like joins on encrypted data
- The TLS/SSL best practice guide explains how to configure TLS/SSL in typical HANA scenarios.
More information
Please check out the
updated security guide. For general information on the SAP HANA 2.0 SPS 04 enhancements, read the
blog or review the
SPS 04 release notes.
And don’t forget to visit our SAP HANA security website at
http://www.sap.com/hanasecurity