Encryption
Encryption is the process of preventing unauthorized individuals and software systems from reading data by converting it into an unreadable format that can only be read using a decryption key. Enforcing encryption standards is an essential part of securely storing and transporting data managed by software systems, including the Socotra Insurance Suite.
This guide outlines encryption best practices we follow here at Socotra, and we highly recommend our customers follow these same guidelines.
Best Practices
Encrypt data using HTTPS and TLS version 1.3 for network communications.
Encrypt data using AES-256 when storing data.
Store credentials, API keys, and encryption keys within a secure secrets management system such as HashiCorp Vault or AWS Secrets Manager.
Stay up to date with the latest encryption protocols, and replace legacy protocols such as SSL and older versions of TLS with current industry-standard protocols.
For more details on encryption, visit our Trust Center.