System security assessment for servers that support SAP HANA

By | 3 minute read | October 22, 2018

Pervasive Encryption

Information is at the core of today’s digital business operations. As the value of your organization’s information grows, it can become the primary target for a breach. A data breach occurs when someone is allowed to read data without authorization to access it.

Once hackers can read your data, they can steal or modify it. Sensitive and confidential information hackers are interested in may involve personal health information, personal identity information, trade secrets or intellectual property. Stolen data could be sold to other parties, which could incur further damage to the business and to clients for whom the data is relevant.

The consequences for businesses that experience a data breach can be severe, including destruction or corruption of a database, disruption of normal business operations, loss of data, revenue and reputation, damaged intellectual property and even subjection to a lawsuit from stakeholders. The 2017 Cost of Data Breach Study from the Ponemon Institute puts the global average cost at $3.6 million, or $141 per data record. The average cost of a data breach in the US is even higher at $7.3 million.

With the damage and consequences of breaches and data loss in mind, how sure are you that your company’s data is secure from unauthorized access? And how would you proceed now to identify and fix the weak points before hackers can take advantage of them?

To answer these questions, you have to look into how the system is accessed and how your data is protected. A secure system is a relative concept. A system can be as secure as it is intended to be only if security controls and features are properly configured and implemented.

Protect your data with SAP HANA

SAP HANA is an in-memory database management system for business processes with built-in support for business intelligence and analytics. HANA is certified to run on Red Hat Enterprise Linux and SUSE Linux Enterprise Server. Supported hardware platforms as of today are Intel-based hardware platforms and IBM Power Systems.

Just like other databases, your SAP HANA system stores and processes important data that may be critical to your business operations. You must take measures to ensure that the SAP HANA environment and its data are well protected from unauthorized access. SAP HANA provides a comprehensive set of security capabilities for addressing security and regulatory requirements not only for the database layer but also for other data engines and its integrated application server. The security capabilities cover user and identity management, authentication, authorization, encryption and so forth. These capabilities should be studied and implemented following your company and industry regulations and according to your own specific SAP HANA usage scenario.

Protect your database with a solid OS foundation

Now that you have SAP HANA set up and running and you implemented security measures following SAP HANA security guidelines, is your SAP HANA environment immune from security exposures? Not really, and here’s why.

SAP HANA runs on servers, whether they are Red Hat Enterprise Linux or SUSE Linux Enterprise Server. These servers should provide the first line of defense against any unauthorized access to the system.

It’s axiomatic to say that good security is like an onion. Layered security provides the best protection because it doesn’t rely solely on the integrity of any single element. SAP HANA is highly dependent on the operating system (OS) it is running on for security services. While IBM Power Systems has security built-in at all layers, from processor to hypervisor, OS security misconfiguration could leave more attacking surfaces open to hackers for accessing the system, and thus for accessing the SAP HANA environment.

As a result, it becomes extremely important for businesses to identify threats and reduce their exposure at the base OS layer so as to provide a solid and secure OS foundation for your SAP HANA database, application and data.

How IBM Systems Lab Services can help

I’m part of an IBM Systems Lab Services consultant team specializing in Power Systems security. Our security consultants have proven expertise in helping companies to assess their environment of security risks, identify key vulnerability areas and take risk remediation actions. We also provide one-to-one workshops to our Power Systems clients on security technology education and security capability enablement.

One of our popular services is the OS security assessment service specifically designed for the SAP HANA environment. This service was developed based on SUSE Linux Enterprise Server’s security hardening guide for SAP HANA as well as US National Security Agency recommendations for Linux. Reach out to Lab Services today to get our help in securing the servers that support your SAP HANA database.