Blog Open Source

Benefit from Linux Security

The siloed security of traditional SAP environments is reaching its limits in an era of increasing interconnectivity between SAP and non-SAP systems. Will this lead to compromises in process landscape security?

The answer is no. Established security layers from the open source and Linux world are also certified for SAP landscapes. Supported by an automated solution, they can even simplify and increase IT security. There are many tried and tested features available for Linux that also improve IT security in a sustainable manner, which can now be increasingly curated and certified for use in SAP landscapes.

Security features

One example is the SELinux security architecture, which defines access controls for a system’s applications, processes, and files based on security policies. Since the end of last year, SELinux in Red Hat Enterprise Linux has also been certified by SAP for SAP production environments. In addition, Linux operating systems for SAP solutions can also provide other security features. These include preventing the use of unwanted applications and protecting business-critical data with network-based hard disk encryption—for example, for SAP Hana data at rest.

SAP users also benefit in particular from the Red Hat Insights managed service, which includes specific rule sets for use in SAP. The service provides risk analysis, proactive infrastructure management, and automated remediation of potential software security and configuration issues. Focusing on operations, security, and business, the service analyzes platforms and applications for security and performance risks, enabling better management of SAP landscapes.

The Linux operating system for SAP landscapes also has several security-related certifications and validations. These include the Federal Information Processing Standard (FIPS) and the Common Criteria for Information Technology Security Evaluation. Regular validations of applicable hardware and software versions provide users with greater flexibility. With a certified operating system for SAP solutions, laying the foundation for a highly secure digital core is now possible. However, the issue of security needs to be considered more holistically. For example, SAP users face the challenge of patching their IT landscapes quickly and securely, proactively monitoring business-critical systems, and resolving problems immediately. They also need to be able to perform maintenance activities with virtually no downtime, for example for SAP Hana. This is where Ansible Automation comes in, providing automated support for security and incident management processes, such as creating patch execution playbooks, even one specific to SAP operations.


IT security automation offers organizations the opportunity to integrate siloed solutions, standardize processes, and improve overall IT security. For example, organizations typically use a large number of individual security tools, and can overcome the challenges associated with managing these tools by implementing automated workflows based on a security automation solution.

An automation solution such as Red Hat Ansible Automation Platform can be integrated with existing tools and processes using RESTful APIs and a self-service portal. For example, the following security solutions can be integrated and orchestrated: SIEM (Security Information and Event Management), IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), enterprise firewalls, PAM (Privileged Access Management) or endpoint protection platforms. This comprehensive integration and automation can simplify and improve IT security.

Examples from the non-SAP and open source world, such as SELinux, Red Hat Insights, or Red Hat Ansible Automation Platform, show how to achieve tighter security in IT.

About the author

Peter Koerner, Red Hat

Peter Koerner is Principal Business Development Manager Red Hat SAP Solutions at Red Hat.

Add Comment

Click here to post a comment

Sign up for e3zine´s biweekly newsbites

Please do not use administrative mail adresses like "noreply@..", "admin@.." or similar as these may get blocked for security reasons.

We use rapidmail for dispatching our newsletter. By signing up, you agree that the data you have entered will be transmitted to rapidmail. Please take note of their terms and conditions and privacy policy.termsandconditions.

Our Authors