PMG Security Protocols for Encryption and Data Isolation 

Data is secured in transit and at rest using strong encryption.

  • Standards protocol:
    • Data at rest – AES 256-bit encryption
    • Data in transit – SSL/TLS1.2
  • Physical protections managed through Amazon Web Services (AWS)
  • Infrastructure encryption through AWS Key Management Service (KMS)
    • Security modules validated under FIPS 140-2

Data at rest:

  • Encryption standards include:
    • Disk volumes
    • Database data and logs
    • Data backups
  • Disks and databases are dedicated to customer
  • Enhanced security:
    • PMG application has an optional enhanced encryption layer for sensitive data elements such as personally identifiable information (PII)

Data in transit:

  • Transport Layer Security (TLS) 1.2 over HTTPS for user to server communications
  • Application to database communication over TLS 1.2
  • PMG administration over IPsec VPN with multi-factor authentication

Data purging and archiving:

  • Configurable workflows to support purging selected data can be executed:
    • On a scheduled basis (e.g. after 2 years) or in alignment with corporate BAU
    • On demand to support privacy regulations such as EU’s General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)

Click here to download PDF.