{"id":12099,"date":"2021-11-05T14:32:43","date_gmt":"2021-11-05T14:32:43","guid":{"rendered":"https:\/\/northbaysolutions.com\/blog\/securing-sap-workloads-on-aws-strategies-for-success\/"},"modified":"2025-03-20T11:14:49","modified_gmt":"2025-03-20T11:14:49","slug":"migrating-sap-workloads-on-aws","status":"publish","type":"post","link":"https:\/\/northbaysolutions.com\/blog\/migrating-sap-workloads-on-aws\/","title":{"rendered":"Securing SAP workloads on AWS: Strategies for Success"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:0px;--awb-padding-right:0px;--awb-padding-bottom:0px;--awb-padding-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap\" style=\"max-width:1310.4px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:30px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element \" style=\"--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\" style=\"border-radius:10px;\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"800\" title=\"blog-post-amazon-guardduty_blog (1)\" src=\"https:\/\/northbaysolutions.com\/wp-content\/uploads\/2021\/11\/blog-post-amazon-guardduty_blog-1.png\" class=\"img-responsive wp-image-12153\" srcset=\"https:\/\/northbaysolutions.com\/wp-content\/uploads\/2021\/11\/blog-post-amazon-guardduty_blog-1-200x133.png 200w, https:\/\/northbaysolutions.com\/wp-content\/uploads\/2021\/11\/blog-post-amazon-guardduty_blog-1-400x267.png 400w, https:\/\/northbaysolutions.com\/wp-content\/uploads\/2021\/11\/blog-post-amazon-guardduty_blog-1-600x400.png 600w, https:\/\/northbaysolutions.com\/wp-content\/uploads\/2021\/11\/blog-post-amazon-guardduty_blog-1-800x533.png 800w, https:\/\/northbaysolutions.com\/wp-content\/uploads\/2021\/11\/blog-post-amazon-guardduty_blog-1.png 1200w\" sizes=\"auto, (max-width: 640px) 100vw, 1200px\" alt=\"\"><\/span><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1 fusion-text-no-margin text-style\" style=\"--awb-font-size:28px;--awb-text-transform:none;--awb-text-color:#000000;--awb-margin-bottom:30px;\"><h3 class=\"vc_custom_heading b_heading first_heading\"><strong>Hackers can be anywhere, so security must be everywhere<\/strong><\/h3>\n<\/div><div class=\"fusion-text fusion-text-2 fusion-text-no-margin\" style=\"--awb-text-transform:none;--awb-margin-bottom:0px;\"><p>At NorthBay Solutions, we\u2019ve developed a best practices approach for migrating workloads to AWS that is designed to address the security challenges set by modern-day hackers. Our perspective is that hackers are everywhere, and they are constantly focused on finding opportunities to launch a malicious attack. Thus, no matter where in the cloud we are moving data, or what method we are using to move data, we make it a policy to have the right set of tools and technologies in place to continuously scan for nefarious activity\u2014and stop it in its tracks.<\/p>\n<p><strong style=\"color: #0c62fb;\">It was this comprehensive approach to security that prevented what could have been a catastrophic breach for one of our valuable clients.<\/strong><\/p>\n<\/div><div class=\"fusion-text fusion-text-3 fusion-text-no-margin text-style\" style=\"--awb-font-size:28px;--awb-text-transform:none;--awb-text-color:#000000;--awb-margin-bottom:30px;\"><h3><strong>Amazon EC2 migration designed with security in mind<\/strong><\/h3>\n<\/div><div class=\"fusion-text fusion-text-4 fusion-text-no-margin\" style=\"--awb-text-transform:none;--awb-text-color:#000000;--awb-margin-bottom:30px;\"><p>Amazon Elastic Compute Cloud (EC2) is a compute instance as a service offered by AWS. In our client\u2019s case, an EC2 test instance was spun up as part of the solution for migrating SAP workloads.<\/p>\n<p>Because security best practices dictate that no EC2 instance should be accessible directly via the public internet, we set up every EC2 instance in a private subnet. Unlike public subnets that can receive in-bound traffic directly from the internet, private subnets provide better network management control and improved network security.<\/p>\n<p>While a VPN\u2014either site-to-site or client-server\u2014is the most secure method of accessing an EC2 instance, not all organizations have VPNs in place, implementing a VPN can take several days and also requires investment in on-premises devices. Further, VPNs can also fail. And when they do, IT teams are unable to access their EC2 workloads.<\/p>\n<p>In this migration use case, the EC2 test instance can be configured on the fly, which can then be accessed via a bastion host (also known as a jump server). A bastion host is a hardened server that can better withstand security attacks, and whose purpose is to provide access to a private network from an external network, including the internet. From there, IT teams can access workloads hosted on the EC2 instance on the private subnet.<\/p>\n<\/div><div class=\"fusion-text fusion-text-5 fusion-text-no-margin text-style\" style=\"--awb-font-size:28px;--awb-text-transform:none;--awb-text-color:#000000;--awb-margin-bottom:30px;\"><h3><strong>Protecting EC2 instances with intelligent threat detection<\/strong><\/h3>\n<\/div><div class=\"fusion-text fusion-text-6 fusion-text-no-margin\" style=\"--awb-text-transform:none;--awb-text-color:#000000;--awb-margin-bottom:30px;\"><p>However, a bastion host could also expose an EC2 instance to potential attack, and as a result, steps must be taken to minimize the chances of penetration. One such solution is AWS GuardDuty, which is a threat detection service that continuously monitors AWS accounts and workloads for malicious activity, and also delivers detailed security findings for visibility and remediation.<\/p>\n<p>Fortunately, with the NorthBay Solutions team\u2019s expertise working with EC2 instances combined with our time-tested frameworks, we had implemented AWS GuardDuty as part of the solution. Thus, <strong><span style=\"color: #0c62fb;\">we were alerted to the fact that numerous attempts were being made to access the bastion host, many of which were coming from geographies outside of the client\u2019s areas of operation.<\/span><\/strong> Having received real-time alerts from GuardDuty, we were able to take immediate steps to thwart the hackers and protect our client\u2019s cloud infrastructure and data. GuardDuty also helped in :<\/p>\n<ul>\n<li>White listing IP address for the client\u2019s team members and partners<\/li>\n<li>Black listing suspected IP address ranges<\/li>\n<li>Immediately terminating the EC2 test instance<\/li>\n<li>Taking pre-configured \/ automated actions in collaboration with other Services of AWS (based on type of security incidents) to make sure, attack<\/li>\n<li>is mitigated immediately upon detection.<\/li>\n<\/ul>\n<\/div><div class=\"fusion-text fusion-text-7 fusion-text-no-margin text-style\" style=\"--awb-font-size:28px;--awb-text-transform:none;--awb-text-color:#000000;--awb-margin-bottom:30px;\"><h3><strong>The best security defense is a strong offense<\/strong><\/h3>\n<\/div><div class=\"fusion-text fusion-text-8 fusion-text-no-margin\" style=\"--awb-text-transform:none;--awb-text-color:#000000;--awb-margin-bottom:30px;\"><p>Hackers are always watching, scanning and seeking out opportunities to penetrate networks, whether on-premises or in the cloud, which is why it\u2019s of paramount importance to fully understand the AWS managed security options available, work with experts, and take the time to implement and test their functionality.<\/p>\n<p>Cyber Security is and will remain an ongoing global war with hackers. Together as a strong team we can win this. Let\u2019s Gear Up..!!<\/p>\n<\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":12153,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55,65],"tags":[57,88,33],"class_list":["post-12099","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-sap-on-aws","tag-all-industries","tag-exclude","tag-tech-saas"],"_links":{"self":[{"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/posts\/12099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/comments?post=12099"}],"version-history":[{"count":4,"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/posts\/12099\/revisions"}],"predecessor-version":[{"id":24337,"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/posts\/12099\/revisions\/24337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/media\/12153"}],"wp:attachment":[{"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/media?parent=12099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/categories?post=12099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/northbaysolutions.com\/wp-json\/wp\/v2\/tags?post=12099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}