Let’s face it, securing your entire SAP biosystem is not an easy task. Apart from securing your roles and custom made source code, you also need to secure your Infrastructure. This means hardening several layers like the SAP platform layer, the underlying Operating System and the Database layer.
But where to start? What to do? How to get your SAP security to a higher level?
Well, in theory it is not that hard. The real world is harder and details depend on specifics of your organization, but in general one needs to:
- Get insight in the current SAP Security state! This is easier said than done, but there are (3rd party) tools and tons of documentation to help you.
- Assemble a team consisting of experts from several teams and start fixing. Aim first for the high risks and don’t try to solve everything at once. (not to underestimate: Make sure your management team has your back and budget available). The creation of a company baseline is highly recommended.
- Make sure to create a continuous process that keeps on checking / monitoring / adapting / mitigating to make it possible to react to new threats and keep the SAP security at a high level.
To help you with the second step SAP has released a SAP Security baseline template. Although not entirely new (the first version is already over a year old), it is of good help. The baseline has developed over the past few months and currently covers most SAP infrastructure areas. This includes for example Network, Operating System, database and application layer, but also SAP HANA checks.
This document for sure will help you creating your own baseline and cannot be left out of a proper SAP Security program.
The baseline can be accessed on the SAP Support site at https://support.sap.com/sos -> Media Library -> Security Baseline Template.
Joris van de Vis