PMG Security Protocols for Encryption and Data Isolation
Data is secured in transit and at rest using strong encryption.
- Standards protocol:
- Data at rest – AES 256-bit encryption
- Data in transit – SSL/TLS1.2
- Physical protections managed through Amazon Web Services (AWS)
- Infrastructure encryption through AWS Key Management Service (KMS)
- Security modules validated under FIPS 140-2
Data at rest:
- Encryption standards include:
- Disk volumes
- Database data and logs
- Data backups
- Disks and databases are dedicated to customer
- Enhanced security:
- PMG application has an optional enhanced encryption layer for sensitive data elements such as personally identifiable information (PII)
Data in transit:
- Transport Layer Security (TLS) 1.2 over HTTPS for user to server communications
- Application to database communication over TLS 1.2
- PMG administration over IPsec VPN with multi-factor authentication
Data purging and archiving:
- Configurable workflows to support purging selected data can be executed:
- On a scheduled basis (e.g. after 2 years) or in alignment with corporate BAU
- On demand to support privacy regulations such as EU’s General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)