SAP Knowledge Base Article - Public

2285759 - What is SF policy for secure browser/data encryption and key management?

Symptom

What is SF policy for secure browser/data encryption and key management?

Environment

 SAP SuccessFactors HCM Suite

Resolution

  • All data is encrypted in transit over HTTPS with 256-bit TLS encryption.  Any files sent for batched\scheduled imports are over a customer-specific SFTP account, with use of PGP file encryption prior to transfer.
  • Every page of the SuccessFactors application is currently delivered via Transport Layer Security (TLS). SuccessFactors currently supports up to TLS version 1.2. The TLS protocol handshake is opportunistic.
  • All end user passwords are stored in the customer’s database with a salted hash, SHA-2. SuccessFactors provides full database encryption at rest as standard, using the AES 256-bit protocol. All database backups are stored on-disk only and encrypted using the AES 256-bit protocol.
  • SuccessFactors manages all encryption keys and the HSM\hardware vendors SuccessFactors uses have passed the FIPS 140-2 level 3 certification testing.

See Also

 https://news.sap.com/2018/05/data-encryption-sap-successfactors-solutions/

Keywords

AES, SHA-1, Security, Certificate, Encryption , KBA , LOD-SF-PLT-SEC , Security & Permissions , LOD-SF-PLT , Platform Foundational Capabilities , How To

Product

SAP SuccessFactors HXM Suite all versions