SEC104
PUBLIC
Speakers
Las Vegas, September 24–27, 2019: Stephan Kessler
Barcelona, October 8-10, 2019: Stephan Kessler
Bangalore, November 13-15, 2019: Prakash Bhanu
The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP.
Except for your obligation to protect confidential information, this presentation is not subject to your license agreement or any other service
or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or any related
document, or to develop or release any functionality mentioned therein.
This presentation, or any related document and SAP's strategy and possible future developments, products and or platforms directions and
functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this
presentation is not a commitment, promise or legal obligation to deliver any material, code or functionality. This presentation is provided
without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement. This presentation is for informational purposes and may not be incorporated into a contract. SAP
assumes no responsibility for errors or omissions in this presentation, except if such damages were caused by SAP’s intentional or gross
negligence.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from
expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates,
and they should not be relied upon in making purchasing decisions.
Security approach
Secure setup
Secure software
SAP HANA
Location-based intelligence and highly connected data processing
Rapid lifecycle and real-time ML with pre-built optimized algorithms
Transactions + Analytics
Text / Search: Natural language processing and advanced text mining
Document Store: ACID-compliant, flexible management of JSON objects
Time Series
Streaming
Game-changing way to build intelligent applications on one platform and one data set
© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 7
SAP HANA’s comprehensive security approach
Simplified operations
Security by default, e.g. multitenancy isolation
Tooling and infrastructure integration
SAP HANA (on prem) vs. SAP HANA (cloud): What is the difference?
SAP HANA (on prem): Application
• Select OS
• Configure OS
• Update OS
SAP HANA (cloud): Application
• OS: Managed service
• SAP: Provision system and configure security
• Secure default setup
– Encryption at rest and in motion
• Customer content/users, managed by customer
Column encryption is a granular encryption option where the data is always encrypted on the SAP
HANA server at rest and in-memory
Key rotation now supported
– SAP HANA column encryption now supports key rotation for column encryption keys (CEKs) that encrypt
table columns and client key pairs (CKPs) that encrypt the CEKs
– Note: To use key versioning, update the client drivers to version SAP HANA 2.0 SPS 04
Column encryption offers two encryption options: deterministic and non-deterministic (randomized)
Additional operations supported for deterministic encryption
– Joins, encrypted with the same key
– Indexes/primary key
– Referential constraints on column tables
– GROUP BY or HAVING Clause
– Set operators (UNION/INTERSECT/EXCEPT)
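Why only the deterministic option supports joins and GROUP BY on encrypted columns, shown as an added example that is not SAP code: the cipher below is a toy construction built from HMAC-SHA256 in the Python standard library, not the algorithm SAP HANA uses, and the table contents and function names are constructed for illustration. It also shows the trade-off a practitioner should weigh: with deterministic encryption the server can see which rows hold equal values and how often each value occurs.

```python
import hashlib, hmac, os
from collections import Counter

def _keystream(key, iv, n):
    # HMAC-SHA256 in counter mode as a PRF-based keystream (toy construction).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(enc_key, mac_key, value, deterministic):
    # Deterministic: IV is a keyed hash of the plaintext, so equal values give
    # equal ciphertexts. Randomized: fresh IV per call, so equal values differ.
    iv = (hmac.new(mac_key, value, hashlib.sha256).digest()[:16]
          if deterministic else os.urandom(16))
    body = bytes(a ^ b for a, b in zip(value, _keystream(enc_key, iv, len(value))))
    return iv + body

def decrypt(enc_key, ct):
    iv, body = ct[:16], ct[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, iv, len(body))))

def server_join(left, right):
    # Equality join on ciphertext bytes only; the server holds no key.
    index = {}
    for row_id, ct in right:
        index.setdefault(ct, []).append(row_id)
    return sorted((l, r) for l, ct in left for r in index.get(ct, []))

def server_group_sizes(rows):
    # GROUP BY on ciphertext: the group sizes are visible to the server.
    return sorted(Counter(ct for _, ct in rows).values())

def demo(deterministic):
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # held by the client only
    # Constructed sample data: the same patient ids appear in two tables.
    patients = [(1, b"P-1001"), (2, b"P-1002")]
    visits = [("a", b"P-1001"), ("b", b"P-1001"), ("c", b"P-1002")]
    enc = lambda rows: [(i, encrypt(enc_key, mac_key, v, deterministic)) for i, v in rows]
    p, v = enc(patients), enc(visits)
    assert all(decrypt(enc_key, ct) == pt for (_, ct), (_, pt) in zip(v, visits))
    return server_join(p, v), server_group_sizes(v)

if __name__ == "__main__":
    print("deterministic:", demo(True))   # join works; value frequencies leak
    print("randomized:   ", demo(False))  # no join possible; no frequency leak
```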
SAP HANA Cockpit now guides you through the creation of audit policies
You can now specify a retention period after which audit log entries will be automatically deleted
Until now, you could only delete all audit entries that were older than a specified date. By specifying retention
periods per audit policy, you can now fine-tune your retention management.
Anonymization is a structured approach to protect the privacy of individuals while still enabling
analytics on complex data sets
Use cases
Gain insights from data that could not be leveraged before due to regulations
Maximize the value of business data
Special data protection officer view for analysis
Medical researcher: Link between weight and cancer?
Benchmarking: Average salary in Berlin?
EU Opinion 05/2014 on Anonymization Techniques proposes k-anonymity (and derivatives) and differential privacy
(http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf)
What’s new
Data anonymization KPIs
KPIs are now available to help configure anonymization and assess the quality of the anonymized data
KPIs let you gain a better understanding of the effects of the applied anonymization methods and their
respective parameters. This helps to balance the goal of protecting data privacy against the goal of
keeping the anonymized data useful. Use the Anonymization Report in the Cockpit.
You can now use SQL views for defining anonymization views
When using SQL views, you can now also define what the system should do when there are
changes in the data set
Example: You can choose to ignore new data that comes into a source table if it does not fit with the
rest
SAP HANA needs hierarchy definitions to generalize attributes when building groups for
k-anonymity and l-diversity
You can now specify that a sensitive attribute must have a minimum number of distinct values within each
class. l-diversity is considered as an addition to k-anonymity. Conversely, k-anonymity can be seen as a
special case of l-diversity where l=1.
Example
Suppose that all women in the age group 35-44 and living in a particular district fall within the same income bracket. If you
live in that district and you have a female neighbor who is 44, then you can deduce what she earns. The sensitive
information has been leaked.
Using the l-diversity parameter, you can reduce the risk of identification by specifying that a sensitive attribute must have a
minimum number of distinct values within each equivalence class. An equivalence class is a set of records with identical
quasi-identifying attributes resulting from k-anonymity.
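The income-bracket example above, worked through as an added example that is not SAP code and does not use the SAP HANA anonymization API: it generalizes quasi-identifiers along simple hierarchies, builds the equivalence classes, and measures the k and l actually achieved. The rows, hierarchy levels and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows: (gender, age, district, income bracket).
# gender, age and district are quasi-identifiers; income is the sensitive attribute.
ROWS = [
    ("F", 36, "D1", "60-80k"), ("F", 41, "D1", "60-80k"), ("F", 44, "D1", "60-80k"),
    ("M", 37, "D1", "40-60k"), ("M", 39, "D1", "80-100k"), ("M", 43, "D1", "60-80k"),
    ("F", 47, "D2", "40-60k"), ("F", 49, "D2", "60-80k"), ("F", 52, "D2", "80-100k"),
]

def generalize_age(age, level):
    # Hierarchy for age: level 0 = exact, 1 = ten-year band (35-44, 45-54, ...), 2 = "*".
    if level == 0:
        return str(age)
    if level == 1:
        low = (age - 5) // 10 * 10 + 5
        return f"{low}-{low + 9}"
    return "*"

def generalize_gender(gender, level):
    # Hierarchy for gender: level 0 = exact, 1 = "*".
    return gender if level == 0 else "*"

def equivalence_classes(rows, age_level, gender_level):
    # Rows with identical generalized quasi-identifiers fall into one class.
    classes = defaultdict(list)
    for gender, age, district, income in rows:
        key = (generalize_gender(gender, gender_level),
               generalize_age(age, age_level), district)
        classes[key].append(income)
    return dict(classes)

def k_and_l(classes):
    # k = smallest class size; l = fewest distinct sensitive values in any class.
    k = min(len(v) for v in classes.values())
    l = min(len(set(v)) for v in classes.values())
    return k, l

def violations(classes, k_min, l_min):
    return sorted(key for key, v in classes.items()
                  if len(v) < k_min or len(set(v)) < l_min)

if __name__ == "__main__":
    for age_level, gender_level in [(0, 0), (1, 0), (1, 1)]:
        c = equivalence_classes(ROWS, age_level, gender_level)
        print((age_level, gender_level), k_and_l(c), violations(c, 3, 2))
```

With ten-year age bands the data is 3-anonymous, yet every woman aged 35-44 in district D1 shares one income bracket; generalizing gender as well merges that class with its neighbours and raises l to 3.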
[Figure: customizable anonymization views over sensitive/confidential data in SAP HANA]
Demo
Real-time data anonymization
SAP offers tools and information that help you run SAP HANA securely
SAP HANA security guide (incl. chapter on data protection), SAP HANA security checklists
You can now review and change the most important security settings in a checklist
The checklist in SAP HANA Cockpit is based on the SAP HANA security checklists documentation
– Checks on the most critical security requirements.
– Detailed assessment on secure configuration and operation topics.
– Support for the selection and implementation of SAP Security Notes.
– Verifying SAP landscapes for compliance to Security Baselines and Policies.
– Monitoring and Alerting on security-critical events and properties.
Your questions?