- We would like to know the SuccessFactors HCM Datacenter Infrastructure & Encryption.
- Our IT security team is requesting evidence for Success SAN level encryption.
SAP SuccessFactors HCM Suite
Overall approach to Data Encryption
- SuccessFactors is a 100% web browser based application, with all access over HTTPS \ Port 443 exclusively. Every page of the SuccessFactors application is currently delivered via Transport Layer Security (TLS). SuccessFactors currently supports up to TLS version 1.2. All data is encrypted in transit over HTTPS with 256-bit AES encryption.
- Any files sent for batched\scheduled imports are over a customer-specific SFTP account, with recommended use of PGP file encryption prior to transfer. We do not support un-encrypted transfer protocols, such as standard FTP.
- All database backups are stored on-disk only and encrypted using the AES 256-bit protocol. Database backups are never stored on removable media or with external, third-party storage providers.
- We provide data encryption-at-rest via a hardware-based approach. Encryption is provided for all data stored on our SAN, by the SAN hardware itself. SuccessFactors uses both Hitachi VSP and EMC VMAX solutions for our SAN hardware. Whenever data is written to disk, it is written and saved in encrypted format. AES 256-bit encryption is the method used. Hardware-level encryption provides superior performance to Software-level encryption, such as at the database software \ database memory layer.
- Encryption key management is automated\scheduled through the SAN Administrative Tools. SAP SuccessFactors does not currently support customer-controlled encryption keys.
See the document in the attachments section for more information.
CISA: Cloud Information Security Awareness JAM group (file path: Content / Product Specific Information / SuccessFactors)
HCM Infrastructure, Encryption, Storage, Performance , KBA , LOD-SF-PLT-SEC , Security & Permissions , Problem
|SFSF Storage Encryption 2018.pdf|