Security In The Cloud For SAP HANA

SAP HANA is an in-memory, column-oriented, relational database management system developed by SAP. Deployable on premises or in the cloud, SAP HANA lets organizations accelerate business processes, deliver more business intelligence, and simplify their IT environment. By providing the foundation for all data needs, SAP HANA removes the burden of maintaining separate legacy systems and siloed data, so organizations can run live and make better business decisions in the new digital economy.

SAP HANA works with Thales Vormetric Transparent Encryption (VTE) to create and enforce policies to protect data and log volumes, and prevent unauthorized system administrator, root user, and privileged users from accessing data. VTE also encrypts data and log volumes in a cloud service provider infrastructure – allowing the customer to be the custodian of the encryption keys. VTE can be quickly deployed to secure data – requiring no change to SAP, the underlying database, or hardware infrastructure. The approach enables enterprises to meet data governance requirements with rigorous separation of duties.

Thales provides a proven approach to securing SAP data that meets rigorous security, data governance, and compliance requirements. Whether securing an existing SAP deployment or upgrading to a new version, Thales delivers a proven approach to quickly secure SAP data while ensuring continued operation at optimal performance. Thales eSecurity is a SAP Silver Partner, and VTE has been qualified to work in SAP HANA solution environments.

Solution Capability   Explanation
Centralized key management   DSM is a centralized key manager for Vormetric Encryption as well as other encryption systems in enterprise
Separation of duties   Well defined, strong separation of duties between data administrators and security administrators
Audit Logs   Logs events that help with compliance and audits
Security Intelligence   Logs easily integrated with SIEMs to provide security intelligence and reduce APT attack surfaces
Structured and unstructured data   Use for SAP HANA, other databases, log and config files and all other kinds of files
Privileged User control   Control privileged user access and reduce APT risk surface
Performance and scalability   Proven in the field, high-performance and scalability
Security Standards   FIPS 140-2 Level 3 compliance; Common Criteria certification pending
Database coverage   All databases, big data systems and unstructured file types
Cloud ready   Runs across physical, virtual and cloud environments; Multi-tenant capabilities of DSM


Additional Resources

Vormetric Data Security for SAP Solution Brief

Achieving Security and Compliance for SAP HANA in the Cloud Solution Brief

Research and Whitepapers : SAP Data Protection

Vormetric Transparent Encryption for the SAP HANA® data management suite on Microsoft Azure - White Paper