Best Practice 6.4 – Establish a plan for upgrading and patching all applicable software - SAP Lens

SAP and the vendors of the underlying operating systems and databases release standard security updates on a fixed schedule and also provide emergency updates to fix vulnerabilities. Be aware of the latest security information from each vendor. We recommend that you keep your SAP application and all underlying components updated with the latest security fixes on a scheduled basis to avoid introducing security holes. We also recommend that you put a plan in place for applying emergency fixes when critical security patches are released.

Suggestion 6.4.1 - Subscribe to alerts from the vendors of operating system, database, and software solutions

Subscribing to your various vendor portals for security updates can help you become aware of new security issues and remediations as they are released. This can help you plan for required changes.

Operating System                  Guidance
SUSE Linux Enterprise Server      SUSE Update Advisories
Red Hat Enterprise Linux          Red Hat Security Advisories
Microsoft Windows                 Microsoft Security Alerts
Oracle Enterprise Linux           Oracle Security Alerts

Suggestion 6.4.2 – Review the recommended changes and risk to your business and implementation effort

SAP teams must learn to balance the need for system uptime with the criticality of system changes that have been recommended to improve SAP security. Failure to do so can introduce unnecessary risks such as service interruptions, financial impact, or lost productivity. Review the recommended changes and implementation steps to fix vulnerabilities from your vendors and plan to implement them promptly. This directly relates to the Operational Excellence best practices discussed in this Lens, particularly the creation of runbooks for security.

Suggestion 6.4.3 – Establish a plan to address vulnerabilities in a timely manner

Applying new SAP security recommendations and security-related patches as quickly as possible is paramount, both for AWS-based SAP solutions and for those installed elsewhere. Regularly review the SAP Security Notes and News, and create a process to remediate security issues quickly with the patches, notes, and recommendations found there. In some cases, SAP administrators may also have to put in temporary mitigation or control measures until the underlying vulnerability can be addressed. Also follow the Security Pillar recommendations around incident response.