In order to provide a higher data security level, as well as other security controls mentioned in Bizagi PaaS Security, Bizagi PaaS features data encryption both for data at rest and in transit.
For data at rest, the use of the Transparent Data Encryption (TDE) technology is in place, while for data in transit, communication channels rely on the use of Transport Layer Security (TLS) protocol entailing the use of certificates to encrypt content.
Encryption at rest
Encryption for data at rest is performed at the page level by using TDE.
The pages are kept in an encrypted database using this technology and are encrypted before they are written to disk and decrypted when read into memory.
This measure prevents reading of data from the physical media by potential attackers (i.e, stealing files), while supporting the use of highly secure algorithms such as AES and the use of a 256-bit symmetric key.
Encryption in transit
Encryption of data in transit is assured by using TLS certificates that protect the channel.
This applies both to communication between Bizagi PaaS components and the database, and to the communication of end users when accessing Bizagi PaaS (in which case, HTTPS is used).
This measure prevents tampering of packages, spoofing, and man-in-the-middle attacks at the transport layer.
As well as the above security measures, please note that unauthorized access to the database is not allowed, and identity management for access to Bizagi Work portal is under the administration of the customer.
For identity management, Bizagi PaaS supports integrated authentication mechanisms with which Bizagi never stores passwords. When Bizagi local authentication is used (with no integrated identity provider system), Bizagi encrypts passwords by employing an AES algorithm that uses a 256-bit key.