Spotlight: An SAP Security Architect Comments on Methods to Keep SAP HANA Secure

  • by Gary Byrne, Managing Editor, Financials Expert and SCM Expert
  • February 14, 2014
SAP Professional Journal
In this question-and-answer article, you’ll learn what measures to take to secure SAP HANA-based applications.

To find out what security issues SAP HANA presents to IT organizations, I asked Aman Dhillon, SAP security architect at Layer Seven Security, a series of questions. See what he had to say about monitoring access to SAP HANA-based applications and determining if your SAP HANA-based environment has the optimal level of protection. Aman also comments on key areas on which to focus to ensure optimal protection against a new form of malware that targets SAP systems.

Aman, what are some key security points an organization should consider before implementing SAP HANA?

First, organizations should be aware that there are some trade-offs to adopting SAP HANA with respect to security. In-memory databases are a relatively new technology, and therefore, do not offer the same range of security measures as conventional persistent databases that have benefited from 30 years of evolution.

This includes label-based rules for more granular control over data access, data redaction to mask the display of sensitive data, and utilities to apply patches without interrupting the availability of database services. However, these drawbacks are a caveat for the use of SAP HANA and should not be used as an argument against the implementation of in-memory databases. The performance edge delivered by SAP HANA is extraordinary and, in most cases, outweighs any security disadvantages.

Gary Byrne

Gary is the managing editor of Financials Expert and SCM Expert. Before joining WIS in March 2011, Gary was an editor at Elsevier. In this role he managed the development of manuscripts for Elsevier’s imprint responsible for books on computer security. Gary also has held positions as a copy editor at Aberdeen Group, a Boston-based IT market research company, and as an editor at, a publisher of content for the IT community. He also gleaned experience working as a copy editor for International Data Corp., a Framingham, MA-based IT market research company. He earned a bachelor of science degree in journalism from Suffolk University in Boston. He enjoys traveling, sailing as a passenger onboard schooners, and helping his wife, Valerie, with gardening during summer weekends. He’s a fan of all the Boston sports teams and once stood behind Robert Parish in a line at BayBank. He felt small and didn’t ask for an autograph. You can follow him on Twitter at @FI_SCM_Expert. His online footsteps can also be found in the SAP Experts group on LinkedIn.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.