6 – Use infrastructure and software controls to reduce security misconfigurations

How do you protect your SAP application and the underlying database, operating system, storage, and networks? We recommend that SAP software solutions and the associated underlying configurations—such as operating system and database patches, parameters, cloud services, and infrastructure —be hardened. Hardening helps ensure the safety of all SAP environments, both production and non-production, at the appropriate level determined by your organization.

Use the AWS Shared Responsibility Model to guide your activities regarding the security of your SAP environment. For example, firmware updates for your EC2 instances are “security of the cloud” activities for which AWS is responsible, while operating system and application management for those same EC2 instances are “security in the cloud” activities for which you are responsible.

ID	Priority	Best Practice
☐ BP 6.1	Required	Ensure that security and auditing are built into the SAP network design
☐ BP 6.2	Required	Build and protect the operating system
☐ BP 6.3	Required	Protect the database and the application
☐ BP 6.4	Required	Establish a plan for upgrading and patching all applicable software

For more details, refer to the following information:

AWS Documentation: Best practices for Security, Identity, & Compliance
SAP Note: 2191528 - Third-party report showing security vulnerabilities [Requires SAP Portal Access]
SAP Documentation: ABAP Platform Security Guide

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Best Practice 5.4 – Create a strategy for managing security controls

Best Practice 6.1 – Ensure that security and auditing are built into the SAP network design