Enhanced Data Protection in SAP HANA 2.0 SPS 01

To manage secure data access and protect your corporate information, SAP HANA provides a comprehensive security framework and tooling for authentication and single sign-on, authorization and role management, user and identity management, audit logging, secure configuration and encryption. Learn more about SAP HANA security in general at sap.com/hanasecurity

With the new SAP HANA 2.0 SPS 01 release, new features for enhanced protection of sensitive and confidential data were added. Some of the highlights are:

• Dynamic data masking
• Native backup encryption

Using the new dynamic data masking, you can now apply an additional layer of access control to data in views. By defining custom column masks you can choose how sensitive data is displayed to users by leveraging the new UNMASKED privilege. For example, you can define that ###-##-#### or the last four digits are displayed for social security numbers instead of the clear text. Since the data is only masked when displayed, SAP HANA can still execute calculations on this data as usual. For more information, see SAP HANA Dynamic Data Masking (blog).

SAP HANA already provides comprehensive data at rest capabilities for its data volumes and redo logs. The new native backup encryption now adds backup encryption for full data backups, delta data backups and log backups. Encryption for both file system backups and backups via Backint (interface for third-party backup tools) are supported. If you are using a third-party backup tool, you now have a choice between native SAP HANA encryption or tool-side backup encryption. For more information, see the SAP HANA Security Guide.

There is another aspect of SAP HANA that is now much easier to leverage for further strengthening security in your landscape: multi-container database mode is now the default database mode for all SAP HANA systems. With the upgrade to SAP HANA 2.0 SPS 01, all single-container systems are automatically converted to multi-container database mode comprising one system database and one tenant database. Using multi-container database mode, you can easily implement

• Stronger protection of application data through isolation in dedicated tenant databases
• Enhanced segregation of duties with separate management of system and tenant databases and separate networks for administration and application access
• Hardening of tenant databases by restricting exposed functionality and configuration options, and fine-tuning security settings like TLS/SSL per tenant

For more information, see Multi-Container Database Mode is the New Default (blog).

These are just the highlights of new security features added with SAP HANA 2.0 SPS 01, but there is more! Check out the SAP HANA 2.0 SPS 01 live expert sessions, the What’s New blog and the SAP HANA release notes for detailed information.

And don’t forget to visit our SAP HANA security website at sap.com/hanasecurity!