SAP Data Encryption & Tokenization Solutions
Thales has partnered with SAP to offer robust data security and external encryption key management for on-premises SAP HANA databases and SAP applications running in the public and private clouds
Software from SAP represents a core operational foundation for many of the world’s largest enterprises, powering such core applications as enterprise resource planning, data warehousing, materials management, and more.
However, as workloads and applications migrate to the cloud, traditional data center perimeter security measures are no longer sufficient to protect this sensitive data. A more secure approach is to encrypt mission critical and private sensitive data, and to maintain data sovereignty through external encryption
key management and ‘Bring Your Own Keys’ deployment strategies.
Join our presenters – Dr. Wasif Gilani, Head of SAP Data Custodian, and Alex Hanway, Business Development Director at Thales – to learn how regulated Financial Services enterprises can protect sensitive data and gain compliance relief at the same time.Watch Recording
Thales and SAP have established a co-innovation partnership to provide an integrated data protection solution for SAP S/4HANA and SAP ECC. Thales CipherTrust Tokenization is the first SAP-certified tokenization solution available to SAP customers that can be used to secure sensitive data.
Thales' CipherTrust Tokenization in the SAP Data Custodian was developed by both organizations through SAP's Co-Innovation Lab, ensuring the security of sensitive data at the most fundamental levels of the application.
With this joint solution, SAP customers can choose to tokenize specific fields and assign access policies that determine which users have access to sensitive data.
Thales and SAP now offer external, multi-cloud key lifecycle management for SAP applications. With the integration between SAP’s Data Custodian and the Thales CipherTrust Cloud Key Manager, organizations can seamlessly manage the encryption key life cycle of SAP applications from the same pane of glass as their other cloud encryption implementations.
By adding CipherTrust Cloud Key Manager, highly regulated customers can externally root their encryption keys in in support of Bring Your Own Keys (BYOK) data security policies.
[Thales] facilitates the control of data, preventing access from people that might have the rights of access but not the privilege."
CipherTrust Transparent Encryption for SAP HANA enables enterprises to run high-volume/high-value data for mission-critical real-time applications in a manner that can be trusted whether on-premises or in the cloud. The solution provides greater control with separation of duties and policies for SAP HANA data encryption, with minimal administration.
On the surface, encrypting the database instance using SAP native encryption would appear to be sufficient to protect data at rest within the SAP HANA database. But, enterprises storing sensitive data in an SAP HANA database need to consider exactly where in and around the database sensitive data might reside -- even outside the direct control of the Database Administrators (DBAs). To give an example, an SAP HANA database might encounter an error causing it to send information with sensitive data into a trace file or an alert log.
Thales CipherTrust Tokenization now secures SAP application data via the SAP Data Custodian. SAP customers can choose to tokenize specific fields and assign access policies that determine which users have access to sensitive data. Specific functions such as HR, Finance, and Legal may all have access to the same application, but have permissions to see different application fields.
As enterprise data and workloads continue to migrate to the cloud, the need to keep sensitive data secure continues to grow. In a recent IDC Data Threat Report study, 50% of all corporate data is stored in the cloud of which 48% of that data is considered sensitive. With a significant footprint across the large enterprise community, SAP figures meaningfully in cloud migration discussions.
The CipherTrust Transparent Encryption encrypts data and prevents unauthorized data access using encryption technology and key management. The SAP HANA data volumes and log volumes are protected at the file system level with policies created by a security administrator on the CipherTrust Manager.
Learn how SAP HANA and Thales' CipherTrust Transparent Encryption establish consistent and common security best practices with this Solution Brief.
Encryption key lifecycle management for BYOK, HYOK and cloud native keys
Tokenize sensitive data, vaulted or vaultless
Quickly secure data in SAP HANA environments, while ensuring applications continue to deliver optimal performance