Encryption and encryption keys
Encryption at rest
Simployer enforces encryption at rest through our hosting partners. Encryption at rest protects stored data: it is designed to prevent an attacker from accessing the unencrypted data by ensuring the data is encrypted when on disk. If an attacker obtains a hard drive with encrypted data but not the encryption keys, the attacker must defeat the encryption to read the data.
Depending on the type of storage, our systems use different encryption-at-rest technologies:
- Database storage in Azure has Transparent Data Encryption
- BLOB storage (and backup data) in Azure has AES encryption
- Database and file storage in AWS has Amazon EBS encryption
Encryption in transit
Simployer enforces encryption on all data in transit between our applications and the end user. Encryption is done using Transport Layer Security (TLS 1.2 or newer) with 2048-bit RSA, and Simployer uses certificates issued by DigiCert. DigiCert is a world leader in providing secure certificates for encryption.
Transport Layer Security (TLS) certificates, most commonly known as SSL or digital certificates, are the foundation of a safe and secure internet. TLS/SSL certificates secure internet connections by encrypting data sent between your browser and the websites you visit. They ensure that data is transmitted privately and without modification, loss or theft.
Key storage
Simployer stores its private keys in secure key vaults, and the encryption keys are available only to trusted Simployer personnel.