Security Guide for Siebel Business Applications

End-to-End Encryption for Data Confidentiality

Stored data can be selectively encrypted at the field level, and access to this data can be secured. In addition, data can be converted into an encrypted form for transmission over a network. Encrypting communications safeguards such data from unauthorized access. Transmitted data must be protected from intrusive techniques (such as sniffer programs) that can capture data and monitor network activity.

End-to-end encryption protects confidentiality along the entire data path: from the client browser, to the Web server, to the Siebel Server, to the database, and back. Figure 2 shows the types of encryption available for communications within the Siebel environment.

Figure 2. Encryption of Communications in the Siebel Environment

Client Browser to Web Server

Siebel Business Applications run using the Siebel Web Client in a standard Web browser. When a user accesses a Siebel application, a Web session is established between the browser and the Siebel Server, with the Web server in between. Secure Sockets Layer (SSL) protects against session hijacking when sensitive data is transmitted. Siebel Business Applications support 128-bit SSL data encryption, an extremely secure level of protection for Internet communications.

Customers using SSL can configure which Web pages (known as views) within the Siebel application will use SSL, in the following scenarios:

Web Server to Siebel Server

Siebel software components communicate over the network using a Siebel TCP/IP-based protocol called SISNAPI (Siebel Internet Session API). Customers have the option to secure SISNAPI using Secure Sockets Layer (SSL) or embedded encryption from RSA or Microsoft Crypto APIs. These technologies allow data to be transmitted securely between the Web server and the Siebel Server.

For more information, see Configuring Secure Communications.

Siebel Server to Database

For secure transmission between the database and the Siebel Server, data can be encrypted using the proprietary security protocols specific to the database that a customer is using.

Database Storage

Siebel Business Applications allow customers to encrypt sensitive information stored in the database so that it cannot be viewed without access to the Siebel application. Customers can configure Siebel software to encrypt a field of data before it is written to the database and decrypt the same data when it is retrieved. This prevents attempts to view sensitive data directly from the database. Siebel Business Applications support data encryption using AES and RC2 algorithms.

For more information, see Configuring Data Encryption.
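
The following check is an added example, not part of the Siebel documentation or Siebel software. It shows one way to confirm that a field configured for encryption is not readable directly from the database, by scanning a column for values that still parse as payment card numbers. The table name, column names, and sample rows are constructed for illustration and do not reflect the Siebel schema; an in-memory SQLite database stands in for the customer's database.

```python
import re
import sqlite3

# Constructed sample rows (hypothetical data, not taken from any Siebel system).
ROWS = [
    (1, "4111111111111111"),                  # plaintext test card number
    (2, "q3VhY0m1c2xkZmpYb0x6dGVzdGRhdGE="),  # constructed stand-in for ciphertext
    (3, "4111-1111-1111-1111"),               # plaintext with separators
    (4, "kJ8s0QeXvT1pZr7aB2cDfA=="),          # constructed stand-in for ciphertext
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def looks_like_plaintext_card(value: str) -> bool:
    """True if the stored value is readable as a card number."""
    candidate = re.sub(r"[ -]", "", value)
    return bool(re.fullmatch(r"\d{13,19}", candidate)) and luhn_ok(candidate)

def find_plaintext_rows(conn, table, key_col, col):
    """Return the keys of rows whose `col` value is still stored in the clear."""
    # Identifiers are fixed by the auditor; never build them from user input.
    cur = conn.execute(
        f'SELECT "{key_col}", "{col}" FROM "{table}" ORDER BY "{key_col}"')
    return [k for k, v in cur if v and looks_like_plaintext_card(str(v))]

def build_sample_db():
    """In-memory database with a hypothetical table holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE payment_profile (row_id INTEGER PRIMARY KEY, card_no TEXT)")
    conn.executemany("INSERT INTO payment_profile VALUES (?, ?)", ROWS)
    return conn

if __name__ == "__main__":
    conn = build_sample_db()
    print(find_plaintext_rows(conn, "payment_profile", "row_id", "card_no"))
```

Any key returned identifies a row written before encryption was enabled for the field, or written by a path that bypasses it.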
