Skip to Content
avatar image
Former Member

GDPR - Business Objects Encryption

Hi,

I need your expert advice on the Encryption Standards / Methods supported by SAP for the Data At Rest and Data In Transit for Business Objects.

This question is being asked in the context of staying complaint with General Data Protection Regulation (GDPR).

I would like to understand the different ways/methods to encrypt Sensitive Data. While the Database Teams are looking at ways to encrypt the data at the Database Level or Table Level or Field Level, how can we implement decryption in Business Objects, some probably using the decrypt function of the database or may very well depend on how the Databases are encrypted for us to determine the decryption strategy.

The question is also then on the data residing on the FileStore for Reports saved with data or Instances generated with data. Although only authorized users have access to the data through BI Launchpad, the data present on the FileStore is not encrypted. The Admin Guide says the following under the "General recommendations for securing your deployment" section - What is SAP suggesting in the comments below?

. Add additional encryption to the File Repository Servers. Once the System is up and running, propriety content will be store in these Servers. Add additional encryption through the OS or use a third party tool

. Ensure the platform installation directory and sub-directories are secured. Sensitive temporary data may be stored in these directories during system operation

The Company is also migrating towards using Key Secure (Gemalto) as the standard method of Encryption where Application Level and Field Level Encryption should be implemented and Personal Information should be encrypted while at REST (Tables and Logs) and in Transit - Does SAP support this for Business Objects?

Please advise.

Thank you.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Feb 02 at 09:03 PM

    Yes and No and depends.

    CMS DB is encrypted.
    File Store you can encrypt using OS tools etc...
    Data in your reporting DB's is not something BOE can encrypt/decrypt - all that is done outside of BOE.
    Communication between BOE services can be encrypted by using Corba SSL.
    Communication with BILaunchpad can be protected by SSL/HTTPS

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 06 at 01:48 AM

    Hi Denis,

    Thank you for inputs.

    What is the Encryption Type and Algorithm applied on CMS DB?

    When we use OS standards to encrypt the Business Objects Installation Directory (including FileStore), how does Business Objects understand and decrypt the information needed so it can display it on Reports/Dashboards?

    Does Business Objects supports querying Encrypted Reporting Databases? If yes, how?

    How can we incorporate the use of Gemalto’s KeySecure for Key Management with Business Objects? If not supported, are there any third party vendors offering solutions?

    Please advise.

    Thank you again.

    Add comment
    10|10000 characters needed characters exceeded