SAP Knowledge Base Article - Public

2685823 - SFSF Storage Encryption 2018

Symptom

  • We would like to know the SuccessFactors HCM Datacenter Infrastructure & Encryption.
  • Our IT security team is requesting evidence for Success SAN level encryption.

Environment

SAP SuccessFactors HCM Suite

Resolution

Overall approach to Data Encryption

  • SuccessFactors is a 100% web browser based application, with all access over HTTPS \ Port 443 exclusively. Every page of the SuccessFactors application is currently delivered via Transport Layer Security (TLS). SuccessFactors currently supports up to TLS version 1.2. All data is encrypted in transit over HTTPS with 256-bit AES encryption. 
  • Any files sent for batched\scheduled imports are over a customer-specific SFTP account, with recommended use of PGP file encryption prior to transfer. We do not support un-encrypted transfer protocols, such as standard FTP.
  • All database backups are stored on-disk only and encrypted using the AES 256-bit protocol. Database backups are never stored on removable media or with external, third-party storage providers.
  • We provide data encryption-at-rest via a hardware-based approach. Encryption is provided for all data stored on our SAN, by the SAN hardware itself. SuccessFactors uses both Hitachi VSP and EMC VMAX solutions for our SAN hardware. Whenever data is written to disk, it is written and saved in encrypted format. AES 256-bit encryption is the method used. Hardware-level encryption provides superior performance to Software-level encryption, such as at the database software \ database memory layer.
  • Encryption key management is automated\scheduled through the SAN Administrative Tools. SAP SuccessFactors does not currently support customer-controlled encryption keys.

See the document in the attachments section for more information.

See Also

CISA: Cloud Information Security Awareness JAM group (file path: Content / Product Specific Information / SuccessFactors)

Keywords

HCM Infrastructure, Encryption, Storage, Performance , KBA , LOD-SF-PLT-SEC , Security & Permissions , Problem

Product

SAP SuccessFactors HCM Suite all versions

Attachments

SFSF Storage Encryption 2018.pdf