Data transit occurs throughout the application. In the first instance between the SM8 application front-end presentation layer, and the back-end logic. Data transit takes place via API’s -> as per Insurer requirements
Data is encrypted between the client and DB Storage.
- Always use the HTTPS protocol, which ensures secure communication over the public Internet.
- Always use HTTPS when calling the REST APIs or accessing objects in storage.
- Only the HTTPS protocol can be used when using Shared Access Signatures, ensuring that anybody sending out links with SAS tokens will use the proper protocol.
Enforce the use of HTTPS when calling the REST APIs to access objects in storage accounts by enabling Secure transfer required for the storage account. Connections using HTTP will be refused once this is enabled
