Encrypting data

Forcepoint ONE SSE enterprise edition allows users to encrypt data at rest in cloud applications at both the file level and the field level. Keys can be managed in the Forcepoint ONE SSE Keystore, or customers can add their own KMIP Key Store to use existing key management appliances or servers (KMS or HSM).



  • Data is encrypted using 256-bit derived keys, which are themselves encrypted by master keys stored in Key Vaults.
  • If a KMIP keystore becomes inaccessible, Forcepoint ONE SSE cannot decrypt any data encrypted by master keys stored in that keystore, because those master keys are unavailable.

    It is critical that external KMS/HSM infrastructure is deployed in a redundant high-availability architecture.
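The key hierarchy and the outage behavior described above, as an added Ruby example that is not Forcepoint code: a data key wrapped by a master key, decryption through redundant keystore replicas, and the failure once no replica is reachable. AES-256-GCM, the random data key, and the names `Replica`, `KeystoreUnavailable`, `seal`, `unseal`, `encrypt_field` and `decrypt_field` are assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical model of one KMS/HSM node; here a replica simply holds the key bytes.
Replica = Struct.new(:name, :up, :master_key)
class KeystoreUnavailable < StandardError; end

# AES-256-GCM (assumed cipher). Output layout: nonce(12) || tag(16) || ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = ''
  body = c.update(plaintext) + c.final
  nonce + c.auth_tag + body
end

# Raises OpenSSL::Cipher::CipherError on a wrong key or modified data.
def unseal(key, blob)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = blob[0, 12]
  d.auth_tag = blob[12, 16]
  d.auth_data = ''
  d.update(blob[28..-1]) + d.final
end

# Encrypt a value under a fresh 256-bit data key (random here, an assumption),
# then wrap that data key with the master key.
def encrypt_field(master_key, value)
  data_key = OpenSSL::Random.random_bytes(32)
  { wrapped_key: seal(master_key, data_key), ciphertext: seal(data_key, value) }
end

# Unwrap the data key at the first reachable replica, then decrypt the value.
def decrypt_field(replicas, record)
  node = replicas.find(&:up)
  raise KeystoreUnavailable, 'no keystore replica reachable' if node.nil?
  unseal(unseal(node.master_key, record[:wrapped_key]), record[:ciphertext])
end

# Constructed demo: two replicas of the same master key, then a total outage.
master = OpenSSL::Random.random_bytes(32)
record = encrypt_field(master, 'constructed sample value')
nodes = [Replica.new('kms-a', false, master), Replica.new('kms-b', true, master)]
puts decrypt_field(nodes, record) # kms-a is down, kms-b still serves the key
nodes.each { |n| n.up = false }
begin
  decrypt_field(nodes, record)
rescue KeystoreUnavailable => e
  puts "ciphertext intact but unreadable: #{e.message}"
end
```

The stored record never changes between the two calls; only keystore reachability does, which is why redundancy in the external KMS/HSM decides whether the data stays readable.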