Encrypting data

Forcepoint Data Security Cloud | SSE enterprise edition allows users to encrypt data at rest in cloud applications for both file and field level data. Keys can be managed in the Forcepoint Data Security Cloud | SSE Keystore or customers can add their own KMIP Key Store to utilize existing key management appliance/servers (KMS or HSM).

• Data is encrypted using 256-bit derived keys which are encrypted by master keys stored in Key Vaults.
• If a KMIP keystore becomes inaccessible, Forcepoint Data Security Cloud | SSE will not be able to decrypt any data encrypted by master keys stored in the keystore since the key will be inaccessible.

  It is critical that external KMS/HSM infrastructure is deployed in a redundant high-availability architecture.