Secure data

Data security involves the protection of your organization’s data, any data that you host for customers, and any input entered by users. Review the following information to learn about data security in the SCM environment.

Secure data in motion

SCM secures data in motion by using certificates. You can use automatically generated certificates or your own certificates:

• For agent nodes, you can generate the certificates in PE and then set up Mutual Transport Layer Security (mTLS). mTLS enables an authenticated connection between nodes and SCM. You can set up mTLS during installation or by using the configure plan. For an overview, see Configure Security Compliance Management mTLS certificates.

• The SCM console uses TLS certificates. For an overview, see Configure Security Compliance Management.

For enhanced security, you can set a maximum validity period of one year for certificates to ensure that they are rotated on a regular basis.

Secure data at rest

Securing data at rest involves protecting data on physical media, such as hard drives and solid-state drives (SSDs), and on cloud storage. Common methods include encryption, access controls, authentication mechanisms, and security audits.

With SCM, data is secured in a password-protected PostgreSQL database. Within the PostgreSQL database, sensitive fields are encrypted.

Secure user input

Securing user input involves masking or hiding the content of input fields in a user interface to prevent unauthorized individuals from viewing sensitive information. Also known as UI field obfuscation, this method is commonly applied to fields that contain confidential data.

With SCM, passwords are obfuscated when users log in.