Athento encryption

Encryption at rest

For Athento customers requiring encryption, Athento offers Azure's encryption-at-rest service.

Encryption at rest is the encryption of persistent data. Encryption at rest uses a symmetric cipher to encrypt and decrypt large amounts of data quickly according to a simple conceptual model:

• A symmetric encryption key is used to encrypt data as it is written to storage.
• The same encryption key is used to decrypt the data as it is prepared for use in memory.
• Data can be partitioned and different keys can be used for each partition.
• Keys must be stored in a secure location with identity-based access control and audit policies.

For customers with on-premise or non-Azure installations, Athento offers on-demand AES/GCM/NoPadding file system encryption. Files or archives stored by the document manager, also known as binaries, are stored using an AES algorithm with a 256-bit key. There are two possible modes:

• A fixed AES256 key is retrieved from a Keystore.
• An AES256 key derived from a human-readable password using the PBKDF2 mechanism (in which case each encrypted file contains a different salt for security reasons).

Encryption in transit

All-access to Athento solutions is via HTTPS or FTPS using SHA-256 certificates with RSA encryption.