Encryption at rest
For Athento customers requiring encryption, Athento offers Azure's encryption-at-rest service.
Encryption at rest is the encryption of persistent data. Encryption at rest uses a symmetric cipher to encrypt and decrypt large amounts of data quickly according to a simple conceptual model:
- A symmetric encryption key is used to encrypt data as it is written to storage.
- The same encryption key is used to decrypt the data as it is prepared for use in memory.
- Data can be partitioned and different keys can be used for each partition.
- Keys must be stored in a secure location with identity-based access control and audit policies.
For customers with on-premises or non-Azure installations, Athento offers on-demand AES/GCM/NoPadding file system encryption. Files or archives stored by the document manager, also known as binaries, are encrypted with AES using a 256-bit key. The key can be obtained in one of two ways:
- A fixed AES-256 key is retrieved from a keystore.
- An AES-256 key is derived from a human-readable password using the PBKDF2 mechanism (in which case each encrypted file contains a different salt for security reasons).
Encryption in transit
All access to Athento solutions is via HTTPS or FTPS using SHA-256 certificates with RSA encryption.