Managing Enterprise Data Encryption

On the Enterprise Key page in the Security & Control module of the Enterprise Admin Console, you can view, or regenerate your enterprise data encryption key.

About Encryption

Once data is stored on Messaging Platform servers, the data, plus any related search indexes, and SAN storage is encrypted using Encryption at Rest. uses two keys, the master key that is provisioned and stored using a Key Management Service (KMS) service and backed by Hardware Security Modules (HSM) for physical security.

The second key is the Enterprise Key. Application data is encrypted with the Enterprise Key using AES 256-bit Cipher Block Chaining and a 16-bit random initialization vector (IV).

By default, enterprise data, including user data, is automatically encrypted when stored on Messaging Platform servers. The encryption key is reissued every 60 days, or whenever manually refreshed by an admin. The latest refresh date is displayed next to the Refresh button as shown in the following illustration.

To generate a new enterprise data encryption key, click Refresh.

Next Steps

You may want to review additional security features and settings for your enterprise account. For more information, see Security & Control Module Overview.