With October being National Cybersecurity Awareness Month in the U.S., I thought this would be an excellent time to revisit the topic of an innovative HPE security compliance solution: HPE Workload Aware Security for Linux (WASL)
The fact that data breaches are on the rise is hardly a secretโwith a staggering nearly 5 million data records breached each and every day.[1] Sadly, organizations may not even know that a breach has occurred. This lack of awareness carries a high cost. In fact, in 2017, cyberattacks cost businesses worldwide $600 billion in losses.[2]
Thatโs why recent security attacks are motivating enterprises to rethink security effectiveness not only to curb financial losses but also to win customer trust. Rapid growth of digital transformation is putting pressure on the enterprises to shift from a reactive towards a more proactive approach on security to reduce risks.[3]
Even though security and compliance are among the top priorities for enterprises, many organizations are finding it difficult to achieve and stay in compliance with the latest security and regulatory requirements.
How are you securing your HPE servers to meet todayโs regulations and requirements?
Most organizations still follow a traditional approach in system security with professionals manually hardening hundreds of systems with the help of guidelines and scripts. The industry-standard repository Center for Internet Security (CIS) publishes best practices and some scripts to determine Linux security compliance. SAP has also published a 277-page guide on how to secure a SAP HANA implementation. The downside of these manual processes is that they are prone to human error and consume significant time to evaluate, remediate, deploy and maintain security compliance.
In Europe, the Data Protection Directive 95/46/EC has recently been replaced with the EU General Data Protection Regulation (GDPR), effective as of May 25, 2018. From this date, organizations are expected to be compliant, and remain compliant going forward. Ever-changing industry rules and regulations put additional stress on security professionals to maintain system security policies.
How WASL helps achieve security compliance for Linux and SAP HANA environments
If you are deploying SAP HANA appliances or TDI solutions, you need to adhere to the SAP HANA security guidelines. If you are deploying Linux mission-critical applications, you need to meet CIS security compliance. HPE tests found that out-of-box Linux distributions can be only about 50% compliant to industry standards. To directly address these challenges, WASL can
help you reduce security compliance deployment time from days to minutes.
HPE WASL is an intuitive push-button security compliance checking tool featuring optional single-click remediation for HPE systems and HPE SAP HANA appliances. WASL hardens both the OS instance and the SAP HANA application to achieve over 90% security compliance. The remaining 10% requires user input like a password or a file location for logs.
Transforming to NextGen IT
HPE is going through its own digital transformation journey, something we are calling HPE NextGen IT. We have ambitious goals, including a significant reduction of business processes and applications, and going from several ERP systems to a single global one. An integral part of that journey is our SAP HANA implementation, and with one of the worldยดs largest SAP environments, including nearly 50TB of SAP HANA, security is top of mind.
The HPE cybersecurity team uses WASL to secure Linux systems, including all our SAP HANA systems, and the team is clearly seeing the value.
โHPE WASL allowed us to harden our Linux images to the CIS benchmarks in minutes. Additionally, it allows us to track progress of the platform hardening posture as we work toward our final state of a fully hardened platform. This tool is very easy to use and the reporting is clear and concise; this allows us to share the output with non-technical teams and jointly formulate techniques to close any identified security gaps. This tool has become a fundamental piece of our arsenal for securing our most sensitive platforms.โ - Tim Ferrell, Master Cybersecurity Architect, HPE
For a WASL demo, including features such as compliance to Linux and SAP HANA security standards, rollback, policy customization and reports, go to the HPE Demonstration Portal and search for: WASL.
HPE WASL provides automated security compliance of operating system as well as the SAP HANA workload running on it, policy customization to incorporate organization specific security requirements and the flexibility of instant roll-back/reset to previous state of the system/workload.
Automated security compliance helps reducing the attack surface by turning off unnecessary services, ports, permissions, protocols and users, and enabling the required firewalls, as well as saves the cost in recruiting the trained /qualified security staff.
Take advantage of WASL trial software
Please send an email to WASL@hpe.com for a 30-day WASL trial software. For more details, start with this overview of HPE Workload Aware Security for Linux.
Find out more about empowering the real-time enterprise with SAP HANA solutions.
[1] https://breachlevelindex.com/
[2] Cybercrime 'pandemic' may have cost the world $600 billion last year
[3] IDC Research press release
Meet Server Experts blogger Nithin Purushothaman, Product Manager, Mission Critical Solutions, HPE. Nithin is focused on building a product which makes security professionals smile and organizations save millions. He is the Product Manager for the security compliance software, Workload Aware Security for Linux (WASL), and Technology Partner lead for HPE Mission Critical Servers. He has 10+ yearsโ experience in the field of virtualization, telco network engineering, customer support, product and partner management. Nithin earned an Electronics and Telecommunication engineering degree and holds an MBA from the University of Leeds.
Server Experts
Hewlett Packard Enterprise
ComputeExperts
Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.
