DevSecOps for SAP? Of course!
CIOs occasionally have concerns that they will not be able to maintain the silo security of an SAP environment and thousands of Abap in-house developments if they integrate modern, cloud-based non-SAP systems and services into the process landscape. These reservations are not unfounded when manually configuring and maintaining hundreds of additional cloud modules and services.
By using a coordinated, pre-integrated container platform for all target architectures from on-premises to edge to cloud, many of the requirements for governance, compliance, code security and control can be implemented from the outset for all tiers used. The required functionalities for end-to-end process security are available by default.
If a company wants to drive innovation topics, there is no way around the use of new platforms, frameworks, applications and technologies: Integrated hybrid multi-cloud platforms, cloud-native applications, containers, microservices and APIs are unquestionably the decisive components here. Hybrid cloud platforms and cloud-native application development will therefore also have a lasting impact on the future of SAP.
This also means that SAP environments must no longer be viewed as isolated systems, but rather with SAP's side-by-side extensibility concept in mind. This involves linking SAP data, processes and user interfaces with state-of-the-art programming environments, continuous integration and delivery systems, and DevOps methods. In contrast to classic Abap-based in-house developments, the so-called side-by-side extensions for S/4 systems allow the simple implementation of agile end-to-end processes and thus also integrate the SAP landscape with non-SAP systems.
But what do these developments mean for security? SAP infrastructures must be consistently integrated into a security strategy if silo boundaries are to be bridged. Established security concepts and SAP role and rights management must not be watered down or softened in the case of non-SAP integration - a "technical user" is not a permanent solution.
Security takes a high priority especially in cloud-native application development, which is also used for the development of modern side-by-side-based SAP extensions and can justify an Abap replacement from a security perspective alone. With regard to containerization, for example, it is ensured that no unauthorized access is possible between the resources used in the host system. Container images should also only be obtained from trustworthy sources, for example from predefined catalogs and only after verification by internal IT.
Above all, however, a solid Linux foundation is particularly important. There are several security layers for protecting containers on Linux, such as SELinux (Security-Enhanced Linux). SELinux is enabled by default on the Red Hat Enterprise Linux 8 operating system and often runs in high-security environments, including with Hana.
All in all, modern security management by no means has to end with the SAP platform. Security can be consistently implemented in the end-to-end processes integrated with SAP and non-SAP systems. A central basis for this is provided by modern enterprise Kubernetes platforms such as Red Hat OpenShift. OpenShift contains all the necessary functionalities and services to operate a container management platform for diverse, business-critical applications on a wide variety of infrastructures in a certified manner. This includes, for example, SLAs, multiple security layers, automation and cluster management. And the security features are comprehensive: from vulnerability management and network segmentation to continuous compliance and risk prioritization.