Data storage and encryption:
Sensitive information is stored in the MSQL database in encrypted form using 256 bit AES algorithm in its restful state. The storage account itself can be secured using Role-Based Access Control
Data is secured in transit between an application and Hosting provider by using Client-Side
Encryption, HTTPS. Data is set to be automatically encrypted when written to AWS Storage using Storage Service Encryption (SSE)
AWS database and data storage security policy
Make sure AWS data storage services are kept secure at all times. Below are some best practices around AWS database and data storage security:
- Ensure that no S3 Buckets are publicly readable/writeable unless required by the business.
- Turn on Redshift audit logging in order to support auditing and post-incident forensic investigations for a given database.
- Encrypt data stored in EBS as an added layer of security.
- Encrypt Amazon RDS as an added layer of security.
- Enable require ssl parameter in all Redshift clusters to minimize the risk of man-in-the-middle attack.
- Restrict access to RDS instances to decrease the risk of malicious activities such as brute force attacks, SQL injections, or DoS attacks.
Encrypt highly sensitive data such as protected health information (PHI) or personally identifiable information (PII) using SM8 controlled keys.
