Follow these best practices to install, administer, and operate the SAP HANA system securely. More importantly, learn about control objectives that auditors check to gain assurance about controls in the SAP HANA system environment.
Reading this article, you will learn:
- Important audit concerns in a productive SAP HANA environment with associated risks and recommendations
- How to navigate the SAP HANA system to validate security-related settings and controls
- Relevant SQL statements, system views, and tables that are invaluable during a technical review of an SAP HANA system
A system audit is an exercise performed to gain assurance that defined controls work as intended, thereby eliminating the likelihood of fraudulent or malicious activities in the enterprise system. It involves the verification of conformance to policies and procedures through an acute review of objective and empirical evidences. An SAP system audit normally involves checking the controls defined in the system against what is defined in the security policies of an organization.
The SAP HANA system is SAP’s flagship in-memory database system with embedded intensive analytics capabilities. The network infrastructure, operating system (OS), hardware, and the SAP HANA database system itself all constitute important facets in the audit of an SAP HANA system landscape. The audit challenges come with different levels of complexities because of the diverse technological dependencies and associated dynamics that characterize a typical SAP HANA system landscape. Therefore, a comprehensive approach needs to be adopted when reviewing an SAP HANA system for vulnerabilities and security weaknesses.