Important Information about changing Default Keys in SAP HANA
Last week we saw a conference talk and a few press articles related to an alleged default security configuration in SAP HANA installations.
We have thoroughly investigated these reports. Our recommendation to all of our customers is to follow the advice in the SAP HANA Security Guide and change the default master keys that are issued with SAP HANA installations. More information can be found in SAP security note 2183624 (registration required).
SAP stands for secure and reliable software solutions. As a global leader in business software, we take customer security very seriously and implement a high degree of product safety. Confidentiality, integrity, availability and data privacy are core values for SAP and its customers.
SAP has a comprehensive product security strategy across the enterprise that rests on three pillars: “Prevent – Detect – React”. An important component of this strategy is the “Secure Software Development Lifecycle” (S²DL) which provides a comprehensive framework of processes, guidelines, tools and staff training. Thus, we are able to ensure that security is an integral component when it comes to the architecture, design and implementation of SAP solutions.
We are continuously looking for ways to ensure customers’ systems are secured by improving our solutions, informing customers about recommended precautionary steps and providing security, data privacy and data protection services and products to our customers – for details see sap.com/security.