Data encryption

<< Click to Display Table of Contents >>

Navigation:  Security and compliance >

Data encryption

Overview

To provide a higher data security level, as well as other security controls mentioned in Automation Service Security, Automation Service features data encryption for data both at rest and in transit.

 

For data at rest, Transparent Data Encryption (TDE) technology is in place, while for data in transit, communication channels rely on the Transport Layer Security (TLS) protocol entailing the use of certificates to encrypt content.

 

Encryption at rest

Encryption for data at rest is performed at the page level by using TDE.

The pages are kept in an encrypted database using this technology and are encrypted before they are written to disk and decrypted when read into memory.

This measure prevents reading data from the physical media by potential attackers (i.e, stealing files), while supporting the use of highly secure algorithms such as AES and the use of a 256-bit symmetric key.

 

Encryption in transit

Encryption of data in transit is assured by using TLS certificates that protect the channel.

This applies both to communications between Automation Service components and the database, and to the communication of end users when accessing Automation Service (in which case, HTTPS is used).

This measure prevents tampering of packages, spoofing, and man-in-the-middle attacks at the transport layer.

 

Additional notes

As well as the above security measures, note that unauthorized access to the database is not allowed, and identity management for access to Bizagi Work portal is under the administration of the customer.

For identity management, Automation Service supports integrated authentication mechanisms with which Bizagi never stores passwords. When Bizagi local authentication is used (with no integrated identity provider system), Bizagi encrypts passwords by employing an AES algorithm that uses a 256-bit key.