For Athento customers requiring encryption, Athento offers Azure's encryption-at-rest service.
Encryption at rest is the encryption of persistent data. Encryption at rest uses a symmetric cipher to encrypt and decrypt large amounts of data quickly according to a simple conceptual model:
- A symmetric encryption key is used to encrypt data as it is written to storage.
- The same encryption key is used to decrypt the data when it is prepared for use in memory.
- Data can be partitioned and different keys can be used for each partition.
- Keys should be stored in a secure location with identity-based access control and audit policies.
For customers with on-premises installations, Athento offers AES/GCM/NoPadding file system encryption on demand. The files stored by the document manager, also known as binaries, are encrypted with AES. There are two possible modes:
- A fixed AES key that is retrieved from a keystore.
- An AES key derived from a human-readable password using the PBKDF2 mechanism (in which case each encrypted file contains a different salt for security reasons).