Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which can be understood only by the intended recipient. This is how encryption became a method to protect data from those who may want to steal it.
Encryption can be used in two situations:
- Encryption in Transit
- Encryption at Rest (EAR)
Encryption in Transit
This refers to data that is encrypted while it is in transit, including from your browser to the web server and to other third parties via integrations. Encrypting data in transit protects your data from man-in-the-middle attacks.
Encryption at Rest
This refers to data that is encrypted when it is stored (not moving), whether on a disk, in a database, or on some other form of media. In addition to encryption of data in transit, encrypting data when it is stored on the servers provides an even higher level of security. EAR protects against any possible data leak due to server compromise or unauthorized access.
Encryption is done at the application layer using the AES-256 algorithm, a symmetric encryption algorithm that uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called the Data Encryption Key (DEK). The DEK is further encrypted using the Key Encryption Key (KEK), providing yet another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS).
What data do we encrypt in Zoho Notebook?
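The DEK/KEK layering described above, shown as an added example that is not Zoho's code. It assumes AES-256-GCM for both layers (the page names only AES-256), and `LocalKms` is a hypothetical in-memory stand-in for a key management service; it goes one step past the text by rotating the KEK and re-wrapping the DEK.

```javascript
const crypto = require('crypto');

// AES-256-GCM (the mode is an assumption; the page names only AES-256).
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unseal(key, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  // final() throws if the ciphertext, nonce or tag was altered
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Hypothetical in-memory stand-in for a KMS; KEKs never leave this object.
class LocalKms {
  constructor() { this.keks = [crypto.randomBytes(32)]; }
  rotate() { this.keks.push(crypto.randomBytes(32)); } // old versions kept for unwrap
  wrap(dek) {
    const ver = this.keks.length - 1;
    return { ver, ...seal(this.keks[ver], dek) };
  }
  unwrap(wrapped) { return unseal(this.keks[wrapped.ver], wrapped); }
}

// Encrypt one record under a fresh 256-bit DEK; only the wrapped DEK is stored.
function encryptRecord(kms, text) {
  const dek = crypto.randomBytes(32);
  return { wrappedDek: kms.wrap(dek), data: seal(dek, Buffer.from(text, 'utf8')) };
}

function decryptRecord(kms, record) {
  const dek = kms.unwrap(record.wrappedDek);
  return unseal(dek, record.data).toString('utf8');
}

// Constructed sample: round trip, then KEK rotation that re-wraps only the DEK.
function demo() {
  const kms = new LocalKms();
  const rec = encryptRecord(kms, 'constructed sample note');
  const ctBefore = rec.data.ct.toString('hex');
  kms.rotate();
  rec.wrappedDek = kms.wrap(kms.unwrap(rec.wrappedDek));
  return { kekVersion: rec.wrappedDek.ver, text: decryptRecord(kms, rec),
           dataUnchanged: ctBefore === rec.data.ct.toString('hex') };
}
```

Because the stored record holds only the wrapped DEK, rotating the KEK rewrites a few dozen bytes per record instead of re-encrypting the data itself.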
The following data are encrypted in Zoho Notebook:
| Data | Data Source |
| --- | --- |
| Notecards and Activity | Added by users for: all note card types; information about device models for modifying any types of notes |
| Attachments | Added by users when attaching files using File card |
| User Details | Phone Number added by user |
| Object Detection | |
| OCR | Text Content extracted using OCR |
| Resource Keywords | Keywords which are used for searching contents |
| Integration | Generated by system for following actions: Time Zone information when user integrates with IFTTT; Slack Resource name using Notebook Slack integration; Web hook URL for notifications, sent using Zoho Flow, Slack and IFTTT |
| Offline Access | User OAuth token. Generated during third party migration and internal user initiated migration. |
Full-disk Encryption:
In addition to application-layer encryption, we use Self-Encrypting Drives (SEDs) to provide hardware-based full-disk encryption in the India (IN), Australia (AU), Europe (EU), and Japan (JP) data centers. For the United States (US) and China (CN) data centers, software-based disk encryption methods are used.