The enhanced data processing functionalities of SAP HANA mean different security measures are required to counter new avenues for attacks, Matt Lonstine, Director of Client Services for Symmetry Corporation, advises. “SAP HANA is an application server, development platform, and more” — a revolution that requires security precautions be taken in a number of areas in SAP HANA. He provides strategic and technical cybersecurity tips for SAP HANA in his session, “Best Practices for Securing and Hardening SAP HANA,” at the upcoming Cybersecurity for SAP Customers 2018 conference produced by SAPinsider.
Among the topics he addresses are hardening the operating system, encrypting data, and protecting keys, as well as designing and planning for security.
Suggestions for hardening the operating system include:
- Install only packages that are absolutely necessary, as fewer software packages mean a lower potential for security holes
- Define and adhere to a patch strategy
- Use a central syslog server, which prevents logs from being manipulated locally on a compromised server
Tips for encrypting data and protecting keys include pre-encryption and post-encryption activities:
- Before encryption, change SSFS master keys and generate, back up, and activate new root keys
- After encryption periodically change SSFS/root keys and back up
- Enable data and log volume encryption immediately after installation/handover to ensure complete protection of the persistence layer.
The session ends with a section on choosing a platform for centralized SAP cybersecurity administration. The platform should include vulnerability and compliance checks with real-time detection and response. Lonstine goes on to describe the capabilities of third-party platforms, SAP Solution Manager, and SAP HANA Enterprise Threat Detection.
You can learn more about strategies to secure SAP systems at Cybersecurity for SAP Customers 2018 to be held in Prague from June 27 to 29. Visit www.sapcybersecurity2018.com for more information.