The global and independent platform for the SAP community.

Security for the SAP landscape

The NIS2 Directive and the Cyber Resilience Act are responses to the increasing number of cyberattacks. Here it is helpful to rely on the BSI-certified Suse Linux platform for SAP.
Friedrich Krey, Suse
April 29, 2024
avatar
This text has been automatically translated from German to English.

The second EU Network and Information Security Directive (NIS 2 Directive) was published on December 27, 2022. Member states must transpose the directive into national law by October 2024. With the Cyber Resilience Act of the European Union, regulations for the use of products and software with a digital component are to be harmonized. There is a requirement for due diligence for the entire life cycle of such solutions.

Suse ensures security with BSI certification

Suse Linux Enterprise Server (SLES) and thus the Suse Linux Enterprise Server for SAP Applications (SLES for SAP) has been released in 2021 by the Federal Office for Information Security (BSI) received the Common Criteria EAL 4+ certification. This was based on a comprehensive evaluation of the product and all development and security update processes by atsec information security and BSI officials. The Evaluation Assurance Level 4 Augmented by ALC_FLR.3 (EAL4+) confirms that SLES meets the highest security requirements for the product and the entire supply chain for mission-critical infrastructures - on x86 as well as IBM Z and Arm architectures.

"Certify once, use many"

Suse follows the Certify once, use many principle when certifying its operating system products. This means that the Certified safety and standards from SLES can also be transferred to SLE Micro and SLE BCI (Base Container Images) thanks to the common code base. Customers can rely on independently evaluated security when using these variants. This makes it easier to meet compliance requirements for their entire IT. Organizations also achieve a consistently high level of security in the supply chain when operating edge applications with SLE Micro and when deploying containerized workloads with SLE BCI.

Suse technologies for SAP security operating concept

It is important to be able to react quickly to vulnerabilities on the SAP platform, both for SAP application servers and SAP database servers. Suse provides "Kernel Live Patching", which can be used to quickly close vulnerabilities in the Linux kernel. With "Disc Remote Encryption", SAP Gana data can be encrypted and backed up on the disc. The expansion in the encryption of communication between RAM and CPU was achieved with Intel in the context of confidential computing.

Furthermore, a local firewall is provided for SAP Hana to improve network security. This is achieved by only opening network ports to external network interfaces that SAP Hana really needs. The Suse Hardening Guide for SLES for SAP Applications 15 provides instructions on which settings can be made and which technologies can be used to increase the hardening level of the Linux platform.

In addition to the pure patch management function (Dev-Test-Prod), the Suse Manager also provides the option of analyzing the status with regard to the CVE situation for the Linux platform (Suse Manager Audit). This means that a CVE gap can be closed promptly with live patching by automatically rolling out the patch via the Suse Manager production channel. Scanning the implementation is possible with OpenScap from the Suse Manager.


Further reading:


Click here for the partner entry:

avatar
Friedrich Krey, Suse

Friedrich Krey is Head of SAP Alliances and Partners EMEA Central SUSE Linux GmbH and one of our esteemed E3 SAP Community Magazine columnists.


1 comment

Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.