Encryption 
Encrypting the Data Transfer
When your client application (database tool, database application or database interface) and your database are located on different computers, SAP customers can encrypt the data transferred between the client application and the global listener or the installation-specific X server (SAP MaxDB communication server) using SSL/TLS.
Procedure
Configure your SAP system for SSL/TLS encryption.
For more information, see the Installation documentation.
To encrypt the data transmitted between client application and the global listener/X server of the database, select the corresponding option when you log on to the database.
Encrypting Backups
Prerequisites
SAP Cryptolib (only available for SAP systems)
You have created a private-public key pair using sapgenpse.
For more information about sapgenpse and SAP Cryptolib, see Using the SAP Cryptographic Library for SNC.
Procedure
When creating the backup template for your backup, specify the encryption algorithm and the private key owner in the backup template properties.
Create the backup using this backup template.
Example
Scenario: You want to create encrypted backups and want to be able to use these encrypted backups even if you loose the original private key.
Using sapgenpse, you create a public-private key pair for the database and an additional public-private key pair for emergencies.
When creating the key pair for the database, you specifiy the following properties for the private key owner and for the certificate owner:
CN=<database_name>, for example DEMODB
OU=<department_name>, for example DemoDepartment
OU=<company_name>, for example DemoCompany
When creating the key pair for emergencies, you specifiy the following properties for the private key owner and for the certificate owner:
CN=<recovery_name>, for example RECOVERY_DEMODB
OU=<department_name>, for example DemoDepartment
OU=<company_name>, for example DemoCompany
The private keys are stored in PSE (Personal Secure Environment) files, the public keys are stored in certificates.
Put the PSE file of the key pair for emergencies in a secure location, for example a safe.
In the PSE file for the database, import the certificate of the key for emergencies.
Create your encrypted backups using both owner names.
If you need to recover your database, but have lost the original private key for the database, you can use the private key that was created for emergencies.