SyncBox ensures that all sensitive data is protected through robust encryption methods, designed to meet the highest security standards. This chapter outlines the encryption policies, modes, and classifications applied to data managed within SyncBox.
Encryption Strategy
SyncBox employs encryption on all sensitive data to safeguard customer information and ensure compliance with security best practices. Each customer has their own unique encryption key, providing an added layer of isolation and security.
Encryption Modes
SyncBox supports the following encryption modes, tailored to different scenarios:
- Mode A: Unencrypted
  Data is stored without encryption. Used only in scenarios where encryption is unnecessary for operational reasons.
- Mode B: Encrypted with Global Key
  Data is encrypted using a global key shared across all customers.
- Mode C: Encrypted with Global Monthly Key
  Data is encrypted with a global key that changes monthly for added security.
- Mode D: Encrypted with Customer Key
  Data is encrypted with a key specific to each customer.
- Mode E: Encrypted with Customer Monthly Key
  Data is encrypted using a customer-specific key that changes monthly for maximum security.
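One way to realize the key scope and rotation the five modes describe, as an added example that is not SyncBox's own code. It assumes keys are derived from a single master secret with HKDF-SHA256, which this page does not state; `MASTER_SECRET`, `key_label`, `derive_key` and the customer names are hypothetical.

```python
import hashlib
import hmac
from datetime import date
from typing import Optional

# Constructed demo secret; a real system would hold this in a KMS or HSM.
MASTER_SECRET = hashlib.sha256(b"constructed-demo-master-secret").digest()

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869): extract a PRK, then expand it under the `info` label."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def key_label(mode: str, customer_id: str, day: date) -> Optional[str]:
    """Map a mode to the scope and rotation period that select its key."""
    if mode == "A":
        return None  # Mode A: stored unencrypted, no key at all
    if mode not in {"B", "C", "D", "E"}:
        raise ValueError(f"unknown encryption mode: {mode!r}")
    if "|" in customer_id:
        raise ValueError("customer_id must not contain the label separator")
    scope = "global" if mode in {"B", "C"} else f"customer:{customer_id}"
    period = day.strftime("%Y-%m") if mode in {"C", "E"} else "static"
    return f"{scope}|{period}"

def derive_key(mode: str, customer_id: str, day: date) -> Optional[bytes]:
    """Return the 32-byte key for this mode, customer and date (None for Mode A)."""
    label = key_label(mode, customer_id, day)
    return None if label is None else hkdf_sha256(MASTER_SECRET, label.encode())

if __name__ == "__main__":
    may, june = date(2024, 5, 15), date(2024, 6, 1)
    for mode in "ABCDE":
        for cust in ("acme", "globex"):
            key = derive_key(mode, cust, may)
            print(mode, cust, key_label(mode, cust, may), key.hex()[:16] if key else "-")
    # Mode E: same customer, next month -> a different key
    print(derive_key("E", "acme", may) != derive_key("E", "acme", june))
```

With monthly modes (C and E), the period part of the label has to be stored alongside each ciphertext so that records written in earlier months can still be decrypted.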
Data Storage Policy
The encryption strategy varies depending on the storage location and type:
Storage Locations
- Location L: SyncBox-managed storage.
- Location K: Customer-managed storage.
Storage Types
- Type P: Azure Blob Storage.
- Type R: Azure Table Storage.
- Type S: SQL Database.
Data Classification
Data within SyncBox is classified by type, and encryption policies are applied accordingly. Below is a breakdown of the classifications:
Data Type | Encryption Mode | Storage Location | Storage Type | Remarks |
---|---|---|---|---|
Connection Info | D | L | S | Contains credentials. |
Block Configuration | B, D | L | S | Contains configuration details but no credentials. |
Block Output | E | L, K | P | Contains customer-specific data. |
Performance Logging | A | L | R | Tracks resource usage, runtimes, and billing. Not encrypted for reporting. |
System Logging | C | L | R | Tracks exceptions and events for system monitoring. Not fully encrypted for reporting. |
Detail Logging | E | L, K | R | Used for detailed run inspection. |
Remarks
- Performance Logging and System Logging: These data types are not fully encrypted as encryption would interfere with reporting and monitoring requirements. However, sensitive details like exceptions are encrypted to ensure confidentiality.
- Block Output and Detail Logging: These data types store customer-specific data and are encrypted with customer-specific keys to ensure security and compliance.
SyncBox’s encryption policy ensures that sensitive data remains secure while balancing the need for operational efficiency and reporting.