The global and independent platform for the SAP community.
Linux column, MAG 21-10

DevSecOps for SAP? Of course!

A time of data-driven transformation and modernization has dawned - also for SAP users. This is by no means just about SAP systems; non-SAP environments must also be part of an overall strategy.
Peter Körner, Red Hat
26 October 2021
Content:
avatar
This text has been automatically translated from German to English.

CIOs occasionally have concerns that they will not be able to maintain the silo security of an SAP environment and thousands of Abap in-house developments if they integrate modern, cloud-based non-SAP systems and services into the process landscape. These reservations are not unfounded when manually configuring and maintaining hundreds of additional cloud modules and services.

By using a coordinated, pre-integrated container platform for all target architectures from on-premises to edge to cloud, many of the requirements for governance, compliance, code security and control can be implemented from the outset for all tiers used. The required functionalities for end-to-end process security are available by default.

If a company wants to drive innovation topics, there is no way around the use of new platforms, frameworks, applications and technologies: Integrated hybrid multi-cloud platforms, cloud-native applications, containers, microservices and APIs are unquestionably the decisive components here. Hybrid cloud platforms and cloud-native application development will therefore also have a lasting impact on the future of SAP.

This also means that SAP environments must no longer be viewed as isolated systems, but rather with SAP's side-by-side extensibility concept in mind. This involves linking SAP data, processes and user interfaces with state-of-the-art programming environments, continuous integration and delivery systems, and DevOps methods. In contrast to classic Abap-based in-house developments, the so-called side-by-side extensions for S/4 systems allow the simple implementation of agile end-to-end processes and thus also integrate the SAP landscape with non-SAP systems. 

But what do these developments mean for security? SAP infrastructures must be consistently integrated into a security strategy if silo boundaries are to be bridged. Established security concepts and SAP role and rights management must not be watered down or softened in the case of non-SAP integration - a "technical user" is not a permanent solution.

Especially in cloud-native application development, security takes a high priority, which also applies to the development of modern
side-by-side-based SAP extensions is used and can justify an Abap replacement from a security perspective alone. With regard to containerization, for example, it is ensured that no unauthorized access is possible between the resources used in the host system. Container images should also only be provided from trustworthy sources, for example only after verification by internal IT from predefined catalogs.

Above all, however, a solid Linux is also particularly important. There are several security levels to protect containers on Linux, such as SELinux (Security-Enhanced Linux). SELinux is enabled by default on the Red Hat Enterprise Linux 8 Linux operating system and often runs in high-security environments, including with Hana.

All in all, modern security management by no means has to end with the SAP platform. Security can be consistently implemented in the end-to-end processes integrated with SAP and non-SAP systems. A central basis for this are modern enterprise Kubernetes platforms such as Red Hat OpenShift. It contains all the necessary functionalities and services to operate a container management platform for diverse, business-critical applications on a wide variety of infrastructures in a certified manner. This includes, for example, SLAs, multiple security layers, automation or cluster management. And the security features are comprehensive: from vulnerability management and network segmentation to continuous compliance or risk prioritization.

avatar
Peter Körner, Red Hat

Peter Körner is Principal Business Development Manager Red Hat SAP Solutions at Red Hat


All articles of the author

Write a comment

The Hackett Group has recognized Esker in the area of C2C Receivables

Rackspace Technology launches UK Sovereign Services

August-Wilhelm Scheer Institute and BAD Gesundheitsvorsorge und Sicherheitstechnik: The future of healthcare

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular ticket:

€ 590 excl. VAT

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.