SAP HANA Security
In this blog series you will find quotes, backgrounds, suggested further readings and other information related to my latest book SAP HANA 2.0, An Introduction published by SAP Press.
For the others posts, see
Free Sample Chapter
The good folks over at SAP Press decided to give away numerous evenings, weekends, and even some vacation days of hard work writing the chapter on SAP HANA Security all for free! It is crazy.
Download your copy now before the site is taken down:
Each chapter starts with a quote and for the security chapter, I selected the unknown unknowns from Rumsfeld:
Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don’t know we don’t know.
–Donald H. Rumsfeld
Quote from a news briefing from US Department of Defense secretary Rumsfeld, published February 12, 2002.
For the full transcript, see:
This briefing was a couple of months after the September 11 attacks and a year before the invasion of Iraq. On a personal note, I was 33 at the time, living in Paris, working for Oracle as onsite database support engineer, also often in the Tour Montparnasse, the high rise buildings of La Defense, and the extremely busy rail and metro hubs of the French capital. Lots of military around but little sense of security, i vividly recall.
The quote is a famous one, you can read all about it on Wikipedia, including about the Johari window that inspired it:
- There are known knowns (Wikipedia)
Of course, for the security officer, managing unknown unknowns somehow, is an important aspect.
The quote tags Rumsfeld. He used it as title for his autobiography Known and Unknown, a Memoir (2011) and it was as used for a documentary about him: The Unknown Known (2014). I have not see it (yet) but there is a trailer on YouTube.
In the original manuscript, a second quote was included but this did not made to the final book due to space constraints. In my view, it is just as relevant, and as we have a bit of space left in this blog, I will include it here:
People think of security as a noun, something you go buy. In reality, it’s an abstract concept like happiness,” said James Gosling, a vice president and Sun Fellow, and the man who invented Java. “Openness is unbelievably helpful to security.”
The quote is from an eWeek magazine article, Is It the End of the Security World as We Know It? by Dennis Fisher (15 February 2006) [You can read the full article here].
Like thinking about unknown unknowns, thinking about topics as concepts instead of nouns is also an interesting mental exercise.
You can read all about Gosling and his achievements here:
… and here is a nice tribute from the company he worked for most of his life.
Also in the original manuscript, I included way too many links and references to other material, which fortunately the editor trimmed quit rigorously to make the book a bit more readable.
On the topic of SAP HANA Security, below the most relevant references.
Information about SAP HANA security from product management (and marketing);
SAP HANA platform documentation:
- SAP HANA Security Guide
- Security Administration and User Management – SAP HANA Administration Guide
- SAP HANA Security Checklists and Recommendations (includes XS)
SUSE Linux Enterprise Server (SLES) documentation (operating system)
Two day focussed training:
For additional information, search the knowledge base articles about HANA Security articles. The component for the SAP HANA Security topic is HAN-DB-SEC. A good place to start is:
SAP Press has also published a guide about the HANA security topic, in particular regarding SAP HANA 1.0 topics like SAP HANA XS, the Repository and SAP HANA Studio:
- SAP HANA Security Guide – Jonathan Haun (2017)
Wait, There is More
Much more! Apart from the security architect as role and the tools used, in this chapter we also cover authentication, authorisation, user management, data privacy, anonymization, encryption, auditing, and more.
|You can get the book from SAP Press and Amazon:|