A Guide to Passing an SAP HANA System Security Audit

  • by Kehinde Eseyin, Security Architect, Turnkey Consulting Ltd.
  • July 20, 2015
Follow these best practices to install, administer, and operate the SAP HANA system securely. More importantly, learn about control objectives that auditors check to gain assurance about controls in the SAP HANA system environment.
Learning Objectives

By reading this article, you will learn:

  • Important audit concerns in a productive SAP HANA environment with associated risks and recommendations
  • How to navigate the SAP HANA system to validate security-related settings and controls
  • Relevant SQL statements, system views, and tables that are invaluable during a technical review of an SAP HANA system
Key Concept

A system audit is an exercise performed to gain assurance that defined controls work as intended, thereby eliminating the likelihood of fraudulent or malicious activities in the enterprise system. It involves verifying conformance to policies and procedures through a close review of objective, empirical evidence. An SAP system audit normally involves checking the controls defined in the system against what is defined in the organization's security policies.

The SAP HANA system is SAP’s flagship in-memory database system with embedded intensive analytics capabilities. The network infrastructure, operating system (OS), hardware, and the SAP HANA database system itself are all important facets of an audit of an SAP HANA system landscape. The audit challenges come with different levels of complexity because of the diverse technological dependencies and associated dynamics that characterize a typical SAP HANA system landscape. Therefore, a comprehensive approach needs to be adopted when reviewing an SAP HANA system for vulnerabilities and security weaknesses.

Kehinde Eseyin

Kehinde Eseyin is a security architect at Turnkey Consulting. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
 
