Thales Partners

SAP Technology


Headquartered in Waldorf, Germany, SAP is the world's largest inter-enterprise software company, and the world's third-largest independent software supplier overall. SAP employs over 28,909 people in more than 50 countries. Their professionals are dedicated to providing high-level customer support and services. SAP integrates with Thales Luna HSM to provide users with a powerful database and file encryption solution.


Encryption Key Management Options for SAP

Digital transformation is a broad term that describes a wide range of enterprise customers’ efforts to reorient their operations to make data, and the value they can extract, the core of their business. In practice, this requires customers to make a series of technical decisions about how they will deliver their product or service, and where their business data will live.

Because of the required combination of scale, performance and flexibility, at some point digital transformation with SAP will involve the cloud. On their journey, customers will have to decide if they run their workloads on-premises or in the cloud, whether their cloud investments will be in a private or public deployment, and to use infrastructure, platform or software as a service models. To balance competing interests, and navigate an array of available technical options, they are likely to adopt a hybrid ‘all of the above’ approach. Given the quantities of data involved, much of it sensitive, and the complexity of these environments, security will be an important component of these projects.

Resources and Additional Information

A Guide to Securing Sensitive Data During Your SAP Digital Transformation - Whitepaper

CipherTrust Tokenization for SAP

co-innovated store certified

Thales and SAP have partnered to provide an integrated data protection solution for SAP applications. Thales CipherTrust Tokenization now secures SAP application data via the SAP Data Custodian. Via the SAP Data Custodian, SAP customers can choose to tokenize specific fields and assign access policies that determine which users have access to sensitive data. Specific functions such as HR, Finance, and Legal may all have access to the same application, but have permissions to see different application fields. Any field that isn’t authorized will show token values in place of real data.

Resources and Additional Information

SAP Tokenization

CipherTrust Tokenization for SAP Applications - Solution Brief

SAP Tokenization

CipherTrust Tokenization for SAP Data Custodian Running on Google Cloud - Solution Brief

SAP Tokenization

CipherTrust Tokenization for SAP ERP Solutions running on Microsoft Azure - Solution Brief

CipherTrust Cloud Key Manager for SAP

Thales supports external, multi-cloud key lifecycle management for SAP applications via its integration with the SAP Data Custodian. Using CipherTrust Cloud Key Manager, organizations can seamlessly manage the key life cycle of the encryption securing their SAP applications – all from the same single pane of glass they use to protect their other cloud encryption deployments. By adding CipherTrust Cloud Key Manager to their SAP deployment, highly-regulated customers can externally root and manage their encryption keys, or generate their own keys for use in their SAP applications.

Whether organizations take advantage of SAP’s native encryption functionality or bring their own keys to the SAP encryption conversation, CipherTrust Cloud Key Manager simplifies key lifecycle administration and reduces the effort of demonstrating data sovereignty and regulatory compliance.

Resources and Additional Information

SAP CCKM case study

Global Energy Leader Secures High-Value Secret Data with Thales CipherTrust - Case Study


CipherTrust Cloud Key Manager for SAP Applications - Solution Brief


CipherTrust Cloud Key Manager for SAP Applications in Google Cloud Platform - Solution Brief


CipherTrust Cloud Key Manager for SAP Applications in Microsoft Azure - Solution Brief

CipherTrust Data Security Platform Secures SAP Running on Dell in Any-premises

Thales CipherTrust Data Security Platform offers the only SAP-certified third-party encryption and tokenization solutions for SAP. Partnering with Dell, Thales supports customers’ SAP modernization strategies whether on-premises or in any cloud scenario. Through the Dell/Thales partnership, organizations can take advantage of file-level encryption, application-level tokenization, or centralized cloud key management to secure their sensitive SAP data across an array of Dell deployment options from on-premises hardware, Dell APEX or Dell-managed hybrid or multi-cloud implementations.

Resources and Additional Information

SAP for Dell

Thales Secures SAP Data with Dell in Any-premises - Solution Brief

Security for SAP HANA

SAP HANA is an in-memory, column-oriented, relational database management system developed by SAP. Deployable on premises or in the cloud, SAP HANA lets organizations accelerate business processes, deliver more business intelligence, and simplify their IT environment. By providing the foundation for all data needs, SAP HANA removes the burden of maintaining separate legacy systems and siloed data, so organizations can run live and make better business decisions in the new digital economy.

SAP HANA works with Thales CipherTrust Transparent Encryption to create and enforce policies to protect data and log volumes, and prevent unauthorized system administrator, root user, and privileged users from accessing data. CipherTrust Transparent Encryption also encrypts data and log volumes in a cloud service provider infrastructure – allowing the customer to be the custodian of the encryption keys. CipherTrust Transparent Encryption can be quickly deployed to secure data – requiring no change to SAP, the underlying database, or hardware infrastructure. The approach enables enterprises to meet data governance requirements with rigorous separation of duties.

Thales provides a proven approach to securing SAP data that meets rigorous security, data governance, and compliance requirements. Whether securing an existing SAP deployment or upgrading to a new version, Thales delivers a proven approach to quickly secure SAP data while ensuring continued operation at optimal performance. Thales is a SAP Silver Partner, and CipherTrust Transparent Encryption has been qualified to work in SAP HANA solution environments.

Solution Capability   Explanation
Centralized key management   CipherTrust Manager is a centralized key manager for CipherTrust Transparent Encryption as well as other encryption systems in enterprise
Separation of duties   Well defined, strong separation of duties between data administrators and security administrators
Audit Logs   Logs events that help with compliance and audits
Security Intelligence   Logs easily integrated with SIEMs to provide security intelligence and reduce APT attack surfaces
Structured and unstructured data   Use for SAP HANA, other databases, log and config files and all other kinds of files
Privileged User control   Control privileged user access and reduce APT risk surface
Performance and scalability   Proven in the field, high-performance and scalability
Security Standards   FIPS 140-2 Level 3 compliance; Common Criteria certification pending
Database coverage   All databases, big data systems and unstructured file types
Cloud ready   Runs across physical, virtual and cloud environments; Multi-tenant capabilities of DSM


Resources and Additional Information

achieve security

Achieving Security and Compliance for SAP HANA - Solution Brief

achieve security

Achieving Security and Compliance for SAP HANA in the Cloud - Solution Brief


SAP Hana azure

Thales CipherTrust Transparent Encryption and SAP HANA secure database files in Microsoft Azure - Solution Brief

SAP Hana Secure

Make SAP HANA Secure and Compliant on Google Cloud with Thales CTE - Solution Brief


Protecting sensitive data in and around SAP HANA - Whitepaper


Understanding Data Security For SAP - White Paper

SAP HANA on Azure WP

CipherTrust Transparent Encryption for the SAP HANA® data management suite on Microsoft Azure - White Paper

SAP with Luna HSM

SAP software utilizes electronic documents to streamline business operations and communication across departments, such as procurement, manufacturing, customer service, sales, finance, and human resources. Together with HSMs from Thales, businesses gain a secure, trusted solution for secure digital signing.

Resources and Additional Information


SAP with Thales Luna HSM - Integration Guide