End-to-End Encryption for Data Confidentiality


Stored data can be selectively encrypted at the field level, and access to this data can be secured. In addition, data can be converted into an encrypted form for transmission over a network. Encrypting communications safeguards such data from unauthorized access. Transmitted data must be protected from intrusive techniques (such as sniffer programs) that can capture data and monitor network activity.

End-to-end encryption protects confidentiality along the entire data path: from the client browser, to the Web server, to the Siebel Server, to the database, and back. Figure 2 shows the types of encryption available for communications within the Siebel environment.

Figure 2. Encryption of Communications in the Siebel Environment

Communications encryption is available between the following:

  1. Client Browser to Web Server. Siebel Business Applications run using the Siebel Web Client in a standard Web browser. When a user accesses a Siebel application, a Web session is established between the browser and the Siebel Server, with the Web server in between. To protect against session hijacking when sensitive data is transmitted, it is recommended that you use SSL or TLS protocols for communications between the browser and Web server, if support for these protocols is provided by your Web server.

    The SWSE can be configured to allow only URLs that use SSL or TLS over HTTP (HTTPS protocol) to access views in a Siebel application in the following scenarios:

  2. Web Server to Siebel Server. Siebel Business Applications components communicate over the network using a Siebel TCP/IP-based protocol called SISNAPI (Siebel Internet Session API). Customers have the option to secure SISNAPI using SSL, TLS, or embedded encryption from RSA or Microsoft Crypto APIs. These technologies allow data to be transmitted securely between the Web server and the Siebel Server. For more information, see Process of Configuring Secure Communications.
  3. Siebel Server to Database. For secure transmission between the database and the Siebel Server, data can be encrypted using the proprietary security protocols specific to the database that a customer is using.
  4. Database Storage. Siebel Business Applications allow customers to encrypt sensitive information stored in the database so that it cannot be viewed without access to the Siebel application. Customers can configure Siebel Business Applications to encrypt data before it is written to the database and decrypt the same data when it is retrieved. This prevents attempts to view sensitive data directly from the database. Siebel Business Applications support data encryption using AES and RC2 algorithms. For more information, see About Data Encryption.

Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.