Security firm releases tool to audit SAP's HANA
A new tool from security vendor Onapsis aims to secure SAP’s in-memory database HANA, the German company’s fastest-growing data processing product.
HANA is a cornerstone of SAP’s strategy to compete with Oracle and IBM. Available as a cloud service and an appliance, it’s designed to process analytical and transaction workloads much faster for SAP’s ERP, CRM, supply chain and business intelligence applications.
HANA became generally available last year, and SAP has called it the fastest-growing product in its history, with more than 1,000 customers at the end of 2012.
But the product is “so new that there is no real practical knowledge on how to secure it,” according to Onapsis CEO Mariano Nunez[cq].
The HANA modules in X1 perform automated scans that check if a HANA’s configuration matches SAP’s security guidelines for the platform. They look for problems such as missing patches, users with excessive permissions, dangerous SAP XS Engine applications, missing audit trails and weak passwords, among other issues.
The modules prioritize the risks administrators should mitigate and continuously monitor HANA for new risks, Nunez said. The HANA modules will be available in November as a free update for existing X1 customers.