Software from SAP represents a core operational foundation for many of the world’s largest enterprises, powering such core applications as enterprise resource planning, data warehousing, materials management, and more.

However, as workloads and applications migrate to the cloud, traditional data center perimeter security measures are no longer sufficient to protect this sensitive data. A more secure approach is to encrypt mission critical and private sensitive data, and to maintain data sovereignty through external encryption
key management and ‘Bring Your Own Keys’ deployment strategies.

Security & Compliance for SAP Data in Financial Services with Thales and SAP

Don't miss our webinar with SAP

Join our presenters – Dr. Wasif Gilani, Head of SAP Data Custodian, and Alex Hanway, Business Development Director at Thales – to learn how regulated Financial Services enterprises can protect sensitive data and gain compliance relief at the same time.

Watch Recording

Tokenize data and control access in SAP S/4HANA and SAP ECC

Thales and SAP have established a co-innovation partnership to provide an integrated data protection solution for SAP S/4HANA and SAP ECC. Thales CipherTrust Tokenization is the first SAP-certified tokenization solution available to SAP customers that can be used to secure sensitive data.

Thales' CipherTrust Tokenization in the SAP Data Custodian was developed by both organizations through SAP's Co-Innovation Lab, ensuring the security of sensitive data at the most fundamental levels of the application.

With this joint solution, SAP customers can choose to tokenize specific fields and assign access policies that determine which users have access to sensitive data.

Key features and benefits:

Schrems II alignment by masking protected data from CSPs, outsourced contractors, developers, and internal privileged access users
Go live with sensitive data in production deployments within days rather than in months
Access controls ensure only authorized users or applications can view tokenized data
Thales CipherTrust Manager provides root-of-trust key protection to help attain FIPS 140-2 Level 3 regulatory requirements
Co-innovation certification ensures seamless integration and performance

Request Info Read the Solution Brief

External key management for SAP applications

Thales and SAP now offer external, multi-cloud key lifecycle management for SAP applications. With the integration between SAP’s Data Custodian and the Thales CipherTrust Cloud Key Manager, organizations can seamlessly manage the encryption key life cycle of SAP applications from the same pane of glass as their other cloud encryption implementations.

By adding CipherTrust Cloud Key Manager, highly regulated customers can externally root their encryption keys in in support of Bring Your Own Keys (BYOK) data security policies.

Key features and benefits:

Generate encryption keys with HSM-based entropy and bring them to your SAP applications
Improve IT efficiency with centralized key lifecycle management across multiple cloud environments
Comply with the most stringent data protection and sovereignty mandates with encryption and key management
Simplified compliance reporting with detailed audit logs and prepackaged reports
Root keys in up to FIPS 140-2 Level 3 security by leveraging CipherTrust Manager or Thales Luna HSMs

Request Info Read the Solution Brief

[Thales] facilitates the control of data, preventing access from people that might have the rights of access but not the privilege."

Damian McDonald

VP of Global Information Security, Becton, Dickinson and Company

Read the Case Study

Simplify SAP HANA data encryption

CipherTrust Transparent Encryption for SAP HANA enables enterprises to run high-volume/high-value data for mission-critical real-time applications in a manner that can be trusted whether on-premises or in the cloud. The solution provides greater control with separation of duties and policies for SAP HANA data encryption, with minimal administration.

Key features and benefits:

Address business and industry compliance obligations even when data resides in the cloud
Establish safeguards to structured and unstructured data in SAP HANA’s Persistence layer, associated databases, and log and configuration files
Encrypt HANA data and log volumes at the file system level with minimal overhead without re-architecting the database or application
Enforce flexible customer-defined policies for access controls and audits
Safeguard and manage associated encryption keys, allowing cloud service users to be their own custodians
FIPS 140-2 Level 1, 2 or 3 certified root of trust for key management

Request Info Read the Solution Brief

Recommended Resources

Protecting sensitive data in and around SAP HANA

On the surface, encrypting the database instance using SAP native encryption would appear to be sufficient to protect data at rest within the SAP HANA database. But, enterprises storing sensitive data in an SAP HANA database need to consider exactly where in and around the database sensitive data might reside -- even outside the direct control of the Database Administrators (DBAs). To give an example, an SAP HANA database might encounter an error causing it to send information with sensitive data into a trace file or an alert log.

Get the White Paper

CipherTrust Tokenization for SAP

Thales CipherTrust Tokenization now secures SAP application data via the SAP Data Custodian. SAP customers can choose to tokenize specific fields and assign access policies that determine which users have access to sensitive data. Specific functions such as HR, Finance, and Legal may all have access to the same application, but have permissions to see different application fields.

Get the Solution Brief

CipherTrust Cloud Key Management for SAP Applications

As enterprise data and workloads continue to migrate to the cloud, the need to keep sensitive data secure continues to grow. In a recent IDC Data Threat Report study, 50% of all corporate data is stored in the cloud of which 48% of that data is considered sensitive.

Get the Solution Brief

Achieving Security and Compliance for SAP HANA

The CipherTrust Transparent Encryption encrypts data and prevents unauthorized data access using encryption technology and key management. The SAP HANA data volumes and log volumes are protected at the file system level with policies created by a security administrator on the CipherTrust Manager.

Get the Solution Brief

Thales and SAP HANA secure database files in Microsoft Azure without affecting business operations

Learn how SAP HANA and Thales' CipherTrust Transparent Encryption establish consistent and common security best practices with this Solution Brief.

Get the Solution Brief

SAP Data Encryption & Tokenization Solutions

Don't miss our webinar with SAP

Tokenize data and control access in SAP S/4HANA and SAP ECC

Key features and benefits:

External key management for SAP applications

Key features and benefits:

Damian McDonald

Simplify SAP HANA data encryption

Key features and benefits:

Recommended Resources

Protecting sensitive data in and around SAP HANA

CipherTrust Tokenization for SAP

CipherTrust Cloud Key Management for SAP Applications

Achieving Security and Compliance for SAP HANA

Thales and SAP HANA secure database files in Microsoft Azure without affecting business operations

Related Products

CipherTrust Cloud Key Manager

CipherTrust Cloud Key Manager

CipherTrust Tokenization

CipherTrust Tokenization

CipherTrust Transparent Encryption for SAP HANA

CipherTrust Transparent Encryption for SAP HANA