Announcing General Availability of SAP Data Custodian for Companies Using Google Cloud Platform

We are excited to announce the general availability of SAP Data Custodian for companies using Google Cloud Platform. With this release, SAP offers unparalleled levels of data visibility and control for companies to help protect their data.

SAP Data Custodian

Trust is the ultimate currency in the cloud business. Questions such as “In which regions is my data stored?” and “Who has access to my data?” are frequently asked by companies when moving to the cloud. These questions have become even more critical with the emergence of a wide range of new local, regional and international data protection and privacy regulations. Many of these data protection regulations restrict the geographies in which enterprises may store, process, and access sensitive data. Globally, with the General Data Protection Regulation (GDPR) and other stringent data sovereignty laws continuously evolving, there is an ever-increasing pressure on enterprises to establish robust compliance structures that can meet current requirements and be adapted to future changes as they come.

SAP Data Custodian provides companies with additional transparency and control mechanisms to strengthen their confidence in the cloud. The SAP Data Custodian solution gives insight into where a company’s data is stored in the cloud, and when and where it is moved, processed and accessed. With the solution’s unique “union” concept, businesses can restrict placement, movement, and access of their data to specific geo locations.

SAP’s powerful policy engine enables companies to flexibly configure software-defined policies for their data in the cloud to help address their unique business needs and specific regional data protection regulation requirements. Enterprises can benefit from the solution’s unique configuration policies for data access made on the cloud provider side. They can define policies at various granularity levels, at the resource class level or for an individual resource, depending on their specific requirements. An example of an access policy could be that a customer requests that all virtual machines in Germany only be accessed from Belgium and France, or that a specific storage bucket can only be accessed from within Germany. With our software-defined approach, the policies can be adjusted easily in response to changing global regulations and individual customer needs.

Once the policies are configured, SAP Data Custodian continuously monitors cloud deployments and alerts users on policy violations. The extensive reporting includes geo-location of business resources and data, geo-location of the person who is accessing the data, reason for the access, and read/write actions performed on data during the access of the data, amongst others. If the cloud provider accesses the data, additional details are pulled from various systems. For example, if the cloud provider has to access a company’s data to resolve a support ticket, then the related support ticket data is provided to the business to ensure maximum transparency.

For our next release of the SAP Data Custodian solution, we are working on introducing additional monitoring and control features to offer businesses an additional level of data protection and privacy in the cloud.

Implication for Finance and Security Executives

CISOs, CSOs, and CIOs have always been concerned about data security and data protection. The role of finance, however, has also significantly morphed over the years from being a humble “controller” to strategically shaping the scope and direction of the business – including oversight of governance, risk and compliance requirements. CFOs and finance executives not only have to drive performance and control costs, but they have to effectively manage operational and compliance risk across enterprise, especially with new and evolving data privacy regulations like the GDPR posing significant challenges for organizations. Applications in the cloud are now de rigueur for many organizations and data protection is top of mind for all. SAP Data Custodian aims to help surface the information executives need in order to understand their privacy, security and compliance posture in the cloud.

How Do I Learn More?

We will be demonstrating the SAP Data Custodian solution next week at SAPPHIRE NOW. If you’re planning to be on-site, stop by to learn more about SAP Data Custodian at booths BA352 and 370, as well as sessions BA59353 and ASUG12124. For further details, please visit our webpage at:

For more information, contact us via email at

Thomas Saueressig is chief information officer, global head of IT Services, and a member of the SAP Chief Technology Officer Circle.
Christoph Böhm is senior vice president of Cloud Delivery Services and Global Infrastructure at SAP.
Thomas Lee is global vice president and COOof Cloud Architecture and Engineering at SAP SE.
David Robinson is senior vice president and managing director of the Google Business Unit at SAP SE.