Encryption for SaaS and enterprise software
Most of us in this day and age cannot avoid the involvement of technology in some form in our professional lives. Whether in the form of client emails, contracts or internal documentation, more and more important information is being stored and shared online. When so much information is stored and transferred in digital form, keeping sensitive data private is an important part of ensuring client confidentiality and data security. For any solutions that a professional service provider uses, such as cloud storage, DMS or productivity solutions that have access to your data, you should understand how they protect your data. One important matter to be aware of is how your data is encrypted.
Encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext that no one but the target recipient will be able to decrypt for readability. The recipient holds a key for decryption, which is when data is translated back into its original readable form. More complex understanding involves the use of specific mathematical formulae to perform symmetric or asymmetric encryption.
Encryption can be applied to data in transit and data at rest. Knowing the difference between the two is important because it is important to minimize vulnerabilities in both mechanisms.
Data in Transit
Data in transit is also known as data in motion, and describes data that is actively moving from one location to another, whether it is across the internet, web browsers, between devices, or through a private network. Data is often less secure while in motion, so it is important to ensure effective data protection. Data in transit can be protected by encrypting data before it is moved, or by using encrypted connections such as HTTPS, SSL, TLS, or FTPS.
Data at Rest
Data at rest describes data that is not in motion, which includes data archived or stored on a device or network, such as a hard drive, laptop or flash drive. Data at rest can be protected by encrypting sensitive files before they are stored, or by encrypting the entire storage drive itself.
LEGALX is an SaaS solution that uses military grade cloud storage services. Our services support a number of options to encrypt data at rest, including service-managed keys, customer-managed keys, and client-side encryption. For data in transit, our services use the TLS (Transport Layer Security) protocol to protect data in transit between cloud services and customers, as well as SSL (Secure Sockets Layer), a standard security technology for establishing an encrypted link between a web/mail server and a client.