Managing Customer-Owned Encryption with the New Key Management Service | feat. Sascha Vierlinger

Niklas Siemer is joined by Sascha Vierlinger, Product Manager for SAP Key Management service, to unpack customer-owned encryption in cloud landscapes—and why more organizations want control of the “last layer” of trust: the keys.

They walk through why encryption matters more in the cloud, the difference between SAP-managed vs. customer-managed keys, and what a modern Key Management Service (KMS) needs to deliver: secure key storage, lifecycle controls (enable/disable/delete), auditability, and operational safeguards like the four-eyes principle. The conversation also covers the classic “red button” scenario (cutting off access fast in an emergency), and how SAP’s new KMS is designed as a more scalable, central approach compared to the legacy SAP Data Custodian KMS.

⁠Download Episode Transcript⁠

In this episode, you'll learn:

• Why who controls the key is effectively who controls the data (especially in regulated industries).
• The three models for key control: Sub-managed keys, Bring Your Own Key (BYOK), and Hold Your Own Key (HYOK).
• What "key lifecycle" really means (rotation, disabling, deletion—and the very real risks).
• How SAP's new KMS supports stronger governance with audit logs and multi-party approvals.
• What to expect commercially (licensed product + connections) and how this fits with SAP BTP usage.

=====

Useful Links

• Key Management Service Product Documentation
• More about GRC and cybersecurity

Subscribe to the Unlocking SAP BTP Podcast:

• Apple Podcasts
• Spotify
• YouTube

=====

About the speakers:

Sascha Vierlinger

Product Manager, SAP Key Management Service

Sascha is Product Manager for Key Management at SAP. He has more than 15 years of SAP experience in consulting and product management and is certified SAP Enterprise Architect.

Follow Sascha on: LinkedIn

Hosted by Niklas Siemer

Senior Product Specialist SAP Business Technology Platform

Niklas is a passionate Product Manager for SAP BTP with a strong background in software development, primarily using Java and Node.js. He co-hosts the Unlocking SAP BTP (formerly SAP BTP Talk) podcast, where he explores SAP BTP topics in monthly deep dives. Before his current role, Niklas worked as a Learning Specialist, creating and delivering technical training on SAP BTP and the ABAP Platform.

Follow Niklas on: LinkedIn

=====

Connect With the Unlocking SAP BTP Podcast

• Facebook
• LinkedIn
• Email Us
• Monthly SAP Business Technology Platform Newsletter

More about SAP Business Technology Platform:

• SAP Business Technology Platform
• SAP BTP Community
• SAP BTP Product Roadmap
• SAP BTP Innobytes