Secure Customer Data with Column Encryption on SAP HANA

With the recent customer data breach at Equifax, protection of sensitive customer data is a hot topic. At Utegration, we regularly help our clients build HANA-based analytics solutions, and in doing so, we ensure our clients protect their customers' sensitive data when moving data into HANA. This is a top priority, as many of our clients operate in a competitive market, and maintaining customer satisfaction is of great importance.

After many years of successfully implementing HANA for our customers, we are experts in understanding how to ensure secure customer data on SAP HANA.


In terms of data protection, two approaches are relevant. The most important one is data/log volume encryption on the disk. This ensures the data persisted on the disk is encrypted, so if the disk data is leaked for any reason, it is still protected by the encryption. We recommend all our customers have this feature enabled, even though it has a negative impact on performance.

The other approach is dynamic data masking. With this approach, customer sensitive data is stored in the tables as clear text. However, masking rules are set up in conjunction with security roles, so that when users access the data through HANA views, only authorized users are able to see the sensitive data. For all other users, the sensitive data is masked by the predefined masking rules.

This is a good way to protect the data when it is consumed through the HANA semantic layer. However, in practice, there are a couple of major difficulties with this approach. First, the data is not protected at the table level. Most of the time, the tables need to be exposed to certain people who are not supposed to see the sensitive data. For example, the HANA development/maintenance team or DBA will have table-level access, but they are not supposed to see sensitive customer data.

The other issue is that the cardinality or uniqueness of the value will be changed most of the time. For some use cases, the users don’t need to see the sensitive data, but they need to ensure the data cardinality stays the same for analysis. In this case, data masking will cause an issue.

To help our clients best leverage HANA's cutting-edge technology and cope with the above-mentioned issues with dynamic data masking, we have developed and deployed a customized solution to help our clients secure customer sensitive data. The diagram below is a high-level explanation of the solution.


In essence, customer sensitive data is encrypted at the table level when it is ingested into HANA. Administrators can then set up the security controls and HANA views so that data encrypted at the table level is decrypted on the fly when an authorized user consumes the corresponding HANA calculation view. The entire process is automated. Unauthorized users are not able to see the sensitive data, and the cardinality of the data stays the same, so unauthorized users can still use it for analysis. Additionally, the security can be set up by column, which means that although all users are consuming the same HANA calculation view, some may be able to see the decrypted SSN but not the credit card number, while others may be able to see the credit card number but not the SSN. Combining this approach with data/log volume encryption on the disk provides a better way to help secure customer sensitive data on HANA.
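The following added example (not Utegration's implementation, and not HANA code) contrasts a masking rule with deterministic per-column encryption to show why only the latter keeps cardinality and allows column-by-column decryption. The page does not name a cipher; the HMAC-based construction is a standard-library stand-in for a vetted deterministic scheme such as AES-SIV, and the keys, rows and function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed per-column keys (assumption); a real system keeps them in a key store.
KEYS = {"ssn": b"demo-ssn-key-0001", "card": b"demo-card-key-0001"}
ROWS = [{"ssn": s, "card": c} for s, c in [  # constructed sample rows
    ("123-45-6789", "4111111111111111"), ("987-65-6789", "5500000000000004"),
    ("123-45-6789", "4111111111111111"), ("555-12-0001", "340000000000009")]]

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key, iv, n):
    return b"".join(_prf(key, b"enc" + iv + i.to_bytes(4, "big"))
                    for i in range(n // 32 + 1))[:n]

def encrypt(key, value):
    # The IV is derived from the plaintext, so equal values under one column
    # key always produce equal ciphertexts: cardinality is preserved.
    pt = value.encode()
    iv = _prf(key, b"siv" + pt)[:16]
    return iv + bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))

def decrypt(key, token):
    iv, body = token[:16], token[16:]
    pt = bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))
    if not hmac.compare_digest(iv, _prf(key, b"siv" + pt)[:16]):
        raise PermissionError("wrong column key or modified value")
    return pt.decode()

def ingest(rows):
    # Encrypt every sensitive column before it reaches the table.
    return [{c: encrypt(KEYS[c], v) for c, v in r.items()} for r in rows]

def read_view(table, granted):
    # Decrypt only the columns whose key the caller holds; others stay opaque.
    return [{c: decrypt(granted[c], v) if c in granted else v.hex()
             for c, v in r.items()} for r in table]

def mask(ssn):  # typical masking rule: keep only the last four digits
    return "XXX-XX-" + ssn[-4:]

def ssn_cardinalities(rows):
    # Distinct SSN counts for plaintext, masked and encrypted columns.
    enc = ingest(rows)
    return (len({r["ssn"] for r in rows}), len({mask(r["ssn"]) for r in rows}),
            len({r["ssn"] for r in enc}))

if __name__ == "__main__":
    print(ssn_cardinalities(ROWS))
    print(read_view(ingest(ROWS), {"ssn": KEYS["ssn"]})[0])
```

Preserving cardinality means equal plaintexts map to equal ciphertexts, so anyone with table-level access can still see which rows share a value and how often each value occurs. That trade-off should be accounted for when deciding which columns to protect this way.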

If you would like to learn more about how to secure customer sensitive data on HANA, please contact: