Encryption works silently in the background, but its role is critical, as it ensures that even if, however unlikely, someone gains unauthorized access, your data remains completely unreadable to them.
The powerful encryption in Zoho Quartz serves as the final line of defense. At every stage of its lifecycle, encryption transforms your data into an unrecognizable format so that only authorized parties can interpret it.
What is encryption?
Encryption works by applying a special encoding process to your data so it becomes unreadable (encrypted). A corresponding decoding process, controlled by a secret key, is required to restore the original data. Without that key, anyone who accesses the data will only ever see a meaningless string of characters.
The encoding follows a public encryption algorithm (such as AES-256), but the process depends entirely on a key that is kept secret. This separation of algorithm and key is what makes encryption robust.
How does it work in Zoho Quartz?
Zoho Quartz applies encryption in two key scenarios:
- Encryption in transit
- Encryption at rest (EAR)
Encryption in transit
Encryption in transit protects data as it moves from your client application to Zoho Quartz servers and/or between any integrated services. This prevents sensitive information from being intercepted during transmission, guarding against threats such as man-in-the-middle attacks.
Transport Layer Security: All connections to Zoho Quartz are secured using Transport Layer Security. TLS authenticates the parties involved and ensures that data in transit cannot be eavesdropped upon or tampered with. Quartz follows TLS protocol versions 1.2 and 1.3, and enforces HTTPS Strict Transport Security (HSTS) across all endpoints.
Encryption at rest
Encryption at rest protects data that is stored on disks, in databases, or in any other storage medium. Even if someone were to gain unauthorized access to Quartz's storage infrastructure, encrypted data would remain unreadable without the corresponding decryption keys.
Encryption is applied at the application layer using the AES-256 algorithm which is a symmetric key encryption standard using 128-bit blocks and 256-bit keys, widely regarded as one of the strongest encryption standards available.
Zoho Quartz has a layered key hierarchy (consisting of Data Encryption Key (DEK), Key Encryption Key (KEK) and Master Key) which ensures that no single point of compromise can expose your data.
What data does Quartz encrypt?
- Video recordings submitted by users
All video recordings uploaded or submitted through Quartz are encrypted to safeguard user-generated content stored within Zoho Quartz. - Recording details and metrics
Metadata associated with recordings, including details, logs, attachments and performance metrics, is encrypted at rest alongside the recordings themselves. - Desk and SalesIQ details for feedback
Data sourced from Zoho Desk and Zoho SalesIQ integrations, such as ticket or chat identifiers, is encrypted to ensure cross-product data remains secure within Quartz. - Payload requests
Payload encryption is supported for data submitted by other services. Sensitive information, such as headers and parameters, can be sent in encrypted form. When provided this way, the data is stored as received, ensuring secure handling both during transmission and at rest.
Key management
All encryption keys used in Zoho Quartz are generated and managed by Zoho's in-house Key Management Service (KMS). The KMS handles the full key lifecycle (creation, storage, rotation, and access control) across all services.