Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.


Data breaches from malicious or even unintentional misuse of sensitive data are at the forefront of data protection regulations. Every year, stringent controls are put in place to ensure data is only accessed by permitted users, but even the best-laid security plans need an additional layer of protection on their stored sensitive data. With tokenization, your team can shield data at the database-field level to mitigate risks to your secure SAP environment.

What is tokenization?  

The tokenization process replaces sensitive data with format-preserving, randomly generated strings of characters or symbols, known as tokens, in your underlying database. Once data is tokenized, it can be accessed by application users, all while improving compliance with data protection regulations.  

How can I implement tokenization using SAP Data Custodian?  

SAP Data Custodian connects to supported Tokenization Service Providers (TSPs) to tokenize and detokenize your SAP application data. Once you establish communication between your TSP and your SAP Data Custodian tenant, you can map the SAP business fields that will be tokenized to your imported TSP technical fields.

[Figure: An SAP user initiates tokenization from the SAP S/4HANA system using SAP Data Custodian.]

Can tokenization be reversed?

Yes, tokenization is reversible. The reverse process is known as detokenization: authorized users can request to view tokenized data. During this process, the permitted user submits their request, which is then checked against the SAP Data Custodian detokenization policy. If the request is approved, it is sent to the TSP and the detokenized data is made available to that user at runtime on the application layer.

Can I implement tokenization for existing data?  

Yes, the bulk tokenization feature allows you to tokenize existing data in your SAP system.  

Does SAP Data Custodian track who accesses detokenized data?  

Yes, any time a user accesses, updates, or saves detokenized data at runtime, the operation is recorded in SAP Data Custodian for audit and reporting purposes. This information provides full transparency into who accesses detokenized data and allows your team to review how well your security standards are implemented throughout the year.
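To make the flow described above concrete, here is an added sketch, not SAP Data Custodian or TSP code, of vault-style tokenization with format-preserving random tokens, a policy check before detokenization, and an audit record for every request. The class, its methods, and the user names are hypothetical; mapping a repeated value to the same token is a design choice of this sketch.

```python
import secrets
import string


class TokenVault:
    """Hypothetical stand-in for a TSP plus a detokenization policy."""

    def __init__(self, allowed_users):
        self._allowed = set(allowed_users)  # users the policy lets detokenize
        self._by_token = {}                 # token -> original value
        self._by_value = {}                 # original value -> token
        self.audit_log = []                 # (user, token, outcome) per request

    @staticmethod
    def _random_like(value):
        # Format-preserving: digits become random digits, letters become random
        # letters of the same case, separators are copied unchanged.
        out = []
        for ch in value:
            if ch in string.digits:
                out.append(secrets.choice(string.digits))
            elif ch in string.ascii_letters:
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                out.append(secrets.choice(pool))
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, value):
        if value in self._by_value:         # repeated value keeps its token
            return self._by_value[value]
        if not any(c in string.digits + string.ascii_letters for c in value):
            raise ValueError("nothing to randomize in value")
        for _ in range(100):                # bounded retry on collisions
            token = self._random_like(value)
            if token != value and token not in self._by_token:
                break
        else:
            raise RuntimeError("token space exhausted for this format")
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, user, token):
        ok = user in self._allowed and token in self._by_token
        # Record every request, allowed or denied, before returning anything.
        self.audit_log.append((user, token, "allowed" if ok else "denied"))
        if not ok:
            raise PermissionError("detokenization request denied")
        return self._by_token[token]
```

Because the token carries no mathematical relationship to the original value, only the vault mapping can reverse it, which is why the policy check and the audit record sit in front of that lookup.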

What happens to tokenized data for other integrated applications?

Tokenized data remains protected in other applications. If the other applications need to access detokenized data, they must implement the SAP Data Custodian tokenization feature for the integrated scenarios.

How can I implement tokenization for my SAP S/4HANA or ECC data?

When you’re ready to discuss implementing additional security layers for your SAP applications, the SAP Data Custodian team is ready to help! Reach out to the SAP Data Custodian team for additional information on whether SAP Data Custodian would work for your team.    

Learn more about tokenization for SAP Data Custodian:    
