Encryption at Rest, What is it and does my DMS do this?
Automotive Dealerships have seen their fare share of changes in the last few years. Some of these changes are more technical in nature. Take for example, the FTC's Safeguard Rules scheduled to go into effect in December '22. One of the key areas outlined in the Safeguard Rules is end-to-end Data Encryption. As you may know, migrating to encrypting data during transmission has been at the forefront of default expectation for some time now. Examples of this are websites defaulting to HTTPS (Secure and encrypted website and web-application interaction).
What is Encryption at Rest?
At is foundation, Encryption at Rest is ensuring data stored is encrypted when committed to the filesystem such as a hard drive. Usually you will hear this term when discussing relational data such as data stored in a database or document archiving system. When data is written to the filesystem, the data is encrypted using cryptographic software. Upon retrieval the data is unencrypted, allowing the software and authenticated user to interact with the data.
Essentially, if hackers break into the system, the data available on the filesystem is useless. This is the primary benefit of Encryption at Rest. With the rise of ransomware, threat actors and automated security testing it is increasingly important to protect your customers personal information.
Are my Systems Encrypting at Rest?
Knowing if your systems providers are encrypting at rest usually involves directly asking or research. Some providers detail in the documentation the encryption at rest offerings. To make this ask increasingly complicated, think of how many service providers you use that hold critical and sensitive customer data. For most Dealerships this can be on the order of tens of providers. Are all of these providers prepared to encrypt their storage?
Some ways we Encrypt at Rest.
When accessing customer data it's important it be available for the right authorized users at the right time. Providing the information in a safe and secure way requires a lot of advanced tooling behind the scenes. Here are some examples of how we at DealerTeam help ensure our customer data is trusted, safe and secure.
Financial Data stored in our Large Data Relational Database uses AES-256 Data Encryption. This ensures all data is encrypted when moving between volume and instance. In simple terms, when stored in permanent memory and transmitted to the database servers the data is encrypted.
Data and Files stored within the CRM, and Operations Layer is optionally encrypted based on setup. The Lightning Platform powers these elements. Leveraging the Salesforce Shield technology, users can optionally encrypt the fields that matter. For example, if you wanted to encrypt FirstName, LastName, Phones, etc. you can define these as encrypted, leaving non-personal data unencrypted.
This is interesting, how do I learn more?
If you would like to learn more, please contact your DealerTeam Success Manager. If you are not currently using DealerTeam but would like more information we are glad to help, send us an email, info@dealerteam.com. Alternatively, if you are seeking information from existing services you use touch base with your softwares respective account manager.
For more technical details and continued learning, please browse these resources.
- https://trailhead.salesforce.com/content/learn/modules/spe_admins?trail_id=shield
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
- https://cloud.google.com/docs/security/encryption/default-encryption