SAP Knowledge Base Article - Public

2285759 - Security standards of SuccessFactors HXM Suite

Symptom

  • Is SuccessFactors secure?
  • Does SuccessFactors use encryption algorithms to secure my company information?
  • What is the SuccessFactors's policy to secure browser data encryption and key management?
  • Which security protocols does SuccessFactors leverage of?

Environment

 SAP SuccessFactors HXM Suite

Resolution

  • All data is encrypted in transit over HTTPS with 256-bit TLS encryption. Any files sent for batched\scheduled imports are over a customer-specific SFTP account, with use of PGP file encryption prior to transfer.
  • Every page of the SuccessFactors application is currently delivered via Transport Layer Security (TLS). SuccessFactors currently supports TLS version 1.2. The TLS protocol handshake is opportunistic.
  • All end user passwords are stored in the customer’s database with a salted hash, SHA-2. SuccessFactors provides full database encryption at rest as standard, using the AES 256-bit protocol. All database backups are stored on-disk only and encrypted using the AES 256-bit protocol.
  • SuccessFactors manages all encryption keys and the HSM\hardware vendors SuccessFactors uses have passed the FIPS 140-2 level 3 certification testing.

See Also

SAP News Data Encryption

Mobile FAQ Security

Technical Details for Interview Scheduling Outlook Integration Using Basic Authentication

Keywords

AES, SHA-1, Security, Certificate, Encryption, SSL, TLS, SHA-2, HTTPS, AES 256, protocol, encrypted , KBA , LOD-SF-PLT-SEC , Security Reports , LOD-SF-PLT , Platform Foundational Capabilities , How To

Product

SAP SuccessFactors HCM Suite all versions