Obsolete technical users and other users
Insecure network configuration that allows access to HANA internal communication from outside
Users allowed to read all data
Secure default configuration overwritten with modifications from earlier releases
Several users with various critical authorizations (development and/or administration privileges) in productive system
How to define, implement and monitor the security of your SAP HANA Platform?
2016 SAP SE or an SAP affiliate company. All rights reserved. Public 2
Classification of Security Services
[Diagram, from overview to detail: Company's SAP Security Baseline; Configuration Validation (Target System); Security Optimization Service (SOS); System Recommendations; Security Notes in the SAP Support Portal]
5. System Recommendations
how to improve the security of your system. Primary focus: SAP HANA Database
When to book? Consider booking a Security Optimization Service for one or multiple SAP HANA systems if at least one of the following statements is true for you:
Deploying new HANA capabilities like Multi Tenancy, XS Advanced Engine, Smart Data Integration, Streaming,
Increasing the security level of your system due to new requirements from business or compliance side.
In the process of bringing your SAP HANA platform operation to a higher maturity level.

Identify potential security issues.
Learn about options to further improve the security of your system.
Discuss customer-specific requirements directly with an SAP security expert.
Analyze the security level of your SAP HANA as basis for a Security Engagement with SAP or for your internal project.
Users with critical privileges or with roles that must not be assigned in productive systems
Evaluated Risk: High
Number of users having critical privileges
List of users
These authorizations allow users to access or change any data without further authority check or authorize users to execute activities that are only allowed to be used by SAP Development.
Recommendation:
Make sure that the authorizations listed above are not granted to users in a productive environment.
Review the users listed in the table below and revoke authorizations unless they are required for a documented, approved reason.

Users with critical system privileges
Evaluated Risk: Medium
Number of users having critical system privileges
List of users
Critical authorizations can enable users to perform actions that compromise the security of the system or its data. The more users are assigned, the higher the risk.

Users with directly granted privileges
Evaluated Risk: Medium
Number of users
List of users by number of directly granted privileges
Privileges that are granted directly to a user can hardly be related to a specific role in the organization and the respective set of tasks. As a result, it is difficult to limit a user's authorizations according to the need-to-know principle.
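An added example, not taken from the SAP slides or from the SOS report: a query in the spirit of the "users with directly granted privileges" check, run against the HANA system views SYS.GRANTED_PRIVILEGES and SYS.USERS. The excluded internal users and the three flagged system privileges are assumptions chosen for illustration, not the SOS check's own list.

```sql
-- Added example: rank active users by the number of privileges granted to
-- them directly (not through a role), and show how many of those are
-- system privileges. Privileges inherited through roles are not covered here.
SELECT gp.GRANTEE AS USER_NAME,
       COUNT(*)   AS DIRECT_PRIVILEGES,
       SUM(CASE WHEN gp.OBJECT_TYPE = 'SYSTEMPRIVILEGE'
                THEN 1 ELSE 0 END) AS DIRECT_SYSTEM_PRIVILEGES,
       -- Illustrative pick of system privileges to flag (assumption).
       SUM(CASE WHEN gp.OBJECT_TYPE = 'SYSTEMPRIVILEGE'
                 AND gp.PRIVILEGE IN ('DATA ADMIN', 'USER ADMIN', 'ROLE ADMIN')
                THEN 1 ELSE 0 END) AS FLAGGED_SYSTEM_PRIVILEGES
FROM SYS.GRANTED_PRIVILEGES gp
JOIN SYS.USERS u
  ON u.USER_NAME = gp.GRANTEE
WHERE gp.GRANTEE_TYPE = 'USER'            -- direct grants only, no roles
  AND u.USER_DEACTIVATED = 'FALSE'        -- ignore deactivated users
  -- Internal users excluded from the report (assumption).
  AND gp.GRANTEE NOT IN ('SYS', 'SYSTEM')
  AND gp.GRANTEE NOT LIKE '\_SYS\_%' ESCAPE '\'
  -- Every user holds privileges on their own schema; skip those.
  AND (gp.SCHEMA_NAME IS NULL OR gp.SCHEMA_NAME <> gp.GRANTEE)
GROUP BY gp.GRANTEE
ORDER BY DIRECT_PRIVILEGES DESC;
```

Users at the top of the result are the candidates for moving grants into roles; any non-zero FLAGGED_SYSTEM_PRIVILEGES value needs a documented, approved reason.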
Recommendation:
Configure separate networks on infrastructure level
communication
Customers can use the Security Checklist provided as part of the SAP HANA documentation or
Security MiniChecks provided with SAP Note 1969700 for analyzing the system on their own.
If one of these three parameters gets a non-green rating, i.e. there is a severe finding regarding the password policy enforcement, then additional password complexity parameters are shown for information and recommendation (see next slide).
[Diagram, from overview to detail: Company's SAP Security Baseline; SAP Security Baseline Template (8 requirements); Configuration Validation (Target System): stores available covering 20 SOS checks; Security Optimization Service (SOS); System Recommendations; Security Notes in the SAP Support Portal]
The SAP Security Baseline Template is a template document provided by SAP on how an organization-specific SAP Security Baseline could be structured. It is prefilled with selected baseline-relevant requirements and corresponding concrete values as recommended by SAP.
(see SAP Knowledge Base Article 2253549, "The SAP Security Baseline Template")
[Diagram: Security Compliance (Security Governance, Audit, Cloud Security, Emergency Concept); Secure Code (Security Maintenance of SAP Code, Custom Code Security)]
[Diagram: Software Packages; Configuration Items; Configuration Validation; Management Dashboard; System Monitoring / Alerting; Reporting]
2. Implemented Checks
Currently very few security-related checks available.
3. Custom Adoption
Custom specific Alerts e.g. based on HANA system views or Configuration Validation