Symptom
- Is SuccessFactors secure?
- Does SuccessFactors use encryption algorithms to secure my company information?
- What is the SuccessFactors's policy to secure browser data encryption and key management?
- Which security protocols does SuccessFactors leverage of?
Environment
SAP SuccessFactors HXM Suite
Resolution
- All data is encrypted in transit over HTTPS with 256-bit TLS encryption. Any files sent for batched\scheduled imports are over a customer-specific SFTP account, with use of PGP file encryption prior to transfer.
- Every page of the SuccessFactors application is currently delivered via Transport Layer Security (TLS). SuccessFactors currently supports TLS version 1.2. The TLS protocol handshake is opportunistic.
- All end user passwords are stored in the customer’s database with a salted hash, SHA-2. SuccessFactors provides full database encryption at rest as standard, using the AES 256-bit protocol. All database backups are stored on-disk only and encrypted using the AES 256-bit protocol.
- SuccessFactors manages all encryption keys and the HSM\hardware vendors SuccessFactors uses have passed the FIPS 140-2 level 3 certification testing.
See Also
Keywords
AES, SHA-1, Security, Certificate, Encryption, SSL, TLS, SHA-2, HTTPS, AES 256, protocol, encrypted , KBA , LOD-SF-PLT-SEC , Security Reports , LOD-SF-PLT , Platform Foundational Capabilities , How To
Product
SAP SuccessFactors HCM Suite all versions