Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which could be understood only by the intended recipient. This is how encryption protects data from those who might want to steal it.
Encryption can be used in two situations.
- Encryption In Transit.
- Encryption At Rest (EAR).
Encryption In Transit
Encryption In Transit refers to encrypting data when it is being transmitted—for example, from your browser to the web server, and to other third parties via integrations. Encrypting data in transit protects your data from man-in-the-middle attacks.
Encryption At Rest
EAR refers to encrypting data when it is stored (not moving) either on a disc, in a database, or in some other form of media. When EAR is done in addition to encrypting data during transit, it provides an even higher level of security. EAR protects against any possible data leak due to server compromise or unauthorized access.
Encryption is done at the application layer using the AES-256 algorithm which is a symmetric encryption algorithm and uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called Data Encryption Key (DEK). The DEK is further encrypted using the Key Encryption Key (KEK), providing yet another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS).
Learn more about our KMSData encrypted in Zoho Directory
In Zoho Directory, when you're using custom fields to collect Personal Identifiable Information (PII) or other similarly sensitive information, you can
choose to encrypt the field. All such fields will be encrypted at rest.
Full-disk Encryption
Besides application layer encryption, full disk encryption is available in India (IN), Australia (AU), and Japan (JP) datacenters.