It is no secret anymore that IT security is one of the key concerns and major challenges in today’s highly networked, connected and digitized world.
Information fuels the digitized economy resulting in increasing amounts of information being collected, stored and processed. In consequence, the value of this information has grown vastly. As a result, many parts of our lives and our businesses are progressively dependent not only on the reliability of the information stored but moreover on the security of the IT systems running our world today.
The value of this information has not gone unnoticed – IT systems are a tempting target for many hackers. Those systems are therefore increasingly coming under attack, with new and sophisticated threats appearing on a regular basis.
SAP systems, including SAP HANA, are at the core of many SAP customers’ digitization strategies, both running their critical business applications and processes, and also containing their most valuable assets.
Keeping these systems secure is therefore of critical importance. As the global leader in business software, the security of our customer systems and data is paramount to SAP.
Unfortunately the security of a system cannot be achieved by pressing a “magic security button”. It would be more accurate to picture a jigsaw of different pieces, each with its specific security role, which need to fit together perfectly to create an all-round secure system. The pieces of this jigsaw are made up of a combination of people, processes, operations, products and infrastructure (e.g. networks, identity management, monitoring).
Equally there is no “one-size-fits-all” when it comes to security. Depending on various factors such as the business scenario, IT environment, deployment choices, existing infrastructure, industry or regulatory requirements, the security jigsaw can look very different. To complicate matters, there is also the challenge of coping with a constantly evolving and changing environment, additional regulatory requirements, the emergence of new threats and the discovery of new vulnerabilities. Patching, regularly reviewing then adapting the security environment of business systems is therefore growing in significance.
SAP HANA is designed to be a flexible platform that is at the heart of a variety of different scenarios, deployment options, environments, supporting different types of applications and business processes. SAP stands for secure and reliable software solutions, and SAP HANA security is designed to be flexible and adaptable to address the various security requirements in those different scenarios. This flexibility of SAP HANA allows it to fit into the customer’s specific security jigsaw.
The comprehensive security approach of SAP HANA covers different aspects of security including authentication, authorization, logging, and encryption, as well as tools for secure system set-up, configuration and administration. Additionally there is support for standards-based interfaces that allow for the integration into existing infrastructures.
Last but not least, SAP HANA has been developed according to SAP’s secure software development life-cycle (secure SDL), which is founded on a comprehensive product security strategy (“Prevent – Detect – React”). This strategy is applied across all of SAP’s software development and is based on training, tools and processes, which enable the delivery of secure products and services as well as an efficient security response process.
It is essential that everyone responsible for the security of a SAP HANA system has a thorough understanding of the security aspects of SAP HANA, i.e. how to best fit SAP HANA into the security infrastructure and how to keep systems up-to-date. Easy, fast and direct access to reliable information on all aspects of SAP HANA security is therefore vital to facilitate this understanding.
Hence the creation of a new space dedicated to SAP HANA security at http://hana.sap.com/security. This site will serve as the starting point and go-to place for anyone who needs information about all the different aspects of SAP HANA security. The topics covered there include information on the features and functions provided by SAP HANA in order to implement different access and security policies, alongside information on how to securely configure, manage and operate SAP HANA systems. Additionally, there is general information on how SAP develops secure products and where to find current information about security patches, updates and services provided by SAP to assist customers with running their systems securely.
