Get in contact with a Data Security Specialist
Software from SAP represents a core operational foundation for many of the world’s largest enterprises, powering such core applications as enterprise resource planning, data warehousing, materials management, and more.
However, as workloads and applications migrate to the cloud, traditional data center perimeter security measures are no longer sufficient to protect this sensitive data. A more secure approach is to encrypt mission-critical and private sensitive data, and to maintain data sovereignty through external encryption key management and ‘Bring Your Own Keys’ deployment strategies.
External key management for SAP applications
Thales and SAP now offer external, multi-cloud key lifecycle management for SAP applications. With the integration between SAP’s Data Custodian and the Thales CipherTrust Cloud Key Manager, organisations can seamlessly manage the encryption key life cycle of SAP applications from the same pane of glass as their other cloud encryption implementations.
By adding CipherTrust Cloud Key Manager, highly regulated customers can externally root their encryption keys in in support of Bring Your Own Keys (BYOK) data security policies.
Key features and benefits:
- Generate encryption keys with HSM-based entropy and bring them to your SAP applications
- Improve IT efficiency with centralised key lifecycle management across multiple cloud environments
- Comply with the most stringent data protection and sovereignty mandates with encryption and key management
- Simplified compliance reporting with detailed audit logs and prepackaged reports
- Root keys in up to FIPS 140-2 Level 3 security by leveraging CipherTrust Manager or Thales Luna HSMs
Simplify SAP HANA data encryption
CipherTrust Transparent Encryption for SAP HANA enables enterprises to run high-volume/high-value data for mission-critical real-time applications in a manner that can be trusted whether on-premises or in the cloud. The solution provides greater control with separation of duties and policies for SAP HANA data encryption, with minimal administration.
Key features and benefits:
- Address business and industry compliance obligations even when data resides in the cloud
- Establish safeguards to structured and unstructured data in SAP HANA’s Persistence layer, associated databases, and log and configuration files
- Encrypt HANA data and log volumes at the file system level with minimal overhead without re-architecting the database or application
- Enforce flexible customer-defined policies for access controls and audits
- Safeguard and manage associated encryption keys, allowing cloud service users to be their own custodians
- FIPS 140-2 Level 1, 2 or 3 certified root of trust for key management
[Thales] facilitates the control of data, preventing access from people that might have the rights of access but not the privilege."
Recommended resources
Protecting sensitive data in and around SAP HANA
On the surface, encrypting the database instance using SAP native encryption would appear to be sufficient to protect data at rest within the SAP HANA database. But, enterprises storing sensitive data in an SAP HANA database need to consider exactly where in and around the database sensitive data might reside -- even outside the direct control of the Database Administrators (DBAs). To give an example, an SAP HANA database might encounter an error causing it to send information with sensitive data into a trace file or an alert log.
Related products
CipherTrust Cloud Key Manager
Encryption key lifecycle management for BYOK, HYOK and cloud native keys
CipherTrust Transparent Encryption for SAP HANA
Quickly secure data in SAP HANA environments, while ensuring applications continue to deliver optimal performance
Learn more about our market-leading solutions
Get in contact with an SAP Data Security specialist