Kontent.ai protects your content at several levels. When you edit your content in Kontent.ai, your data is encrypted in transit. Once your work is done, Kontent.ai encrypts your data at rest. The encryption is compliant with NIST 800-57, which provides guidelines on cryptographic key management.
Encryption in transit
Access to Kontent.ai resources by end users is encrypted in transit with HTTPS transport layer security (TLS). We support TLS 1.3 and TLS 1.2 with strong cipher suites to protect from man-in-the-middle attacks. Support for older protocols and cipher suites is disabled due to known security vulnerabilities. All ciphers support perfect forward secrecy to ensure that even intercepted traffic cannot be decrypted in the future. List of supported ciphers:
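To check the transit properties described above from the client side (TLS 1.2 or 1.3 only, forward secrecy on every negotiated suite), the following added example, which is not Kontent.ai code, classifies a negotiated protocol and cipher pair. The function names are illustrative, the host passed to `probe` is supplied by the caller, and the sample pairs are constructed; they are not the list of supported ciphers.

```python
import socket
import ssl

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # the versions the page says are supported

def has_forward_secrecy(protocol, cipher):
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if protocol == "TLSv1.3":
        return True  # full TLS 1.3 handshakes always use (EC)DHE
    # TLS 1.2: accept OpenSSL names (ECDHE-RSA-...) and IANA names (TLS_ECDHE_RSA_...)
    name = cipher.upper().replace("_", "-")
    if name.startswith("TLS-"):
        name = name[4:]
    return name.startswith(("ECDHE-", "DHE-"))

def check(protocol, cipher):
    """Return a list of findings; an empty list means the pair matches the policy."""
    if protocol not in ALLOWED_PROTOCOLS:
        return [f"protocol {protocol} is outside the allowed set"]
    if not has_forward_secrecy(protocol, cipher):
        return [f"{cipher} has no ephemeral key exchange"]
    return []

def probe(host, port=443, timeout=5.0):
    """Connect to a caller-supplied host and return (protocol, cipher) as negotiated."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older client-side
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

# Constructed sample results (not captured from any real service)
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "AES256-GCM-SHA384"),       # static RSA key exchange
    ("TLSv1.1", "ECDHE-RSA-AES256-SHA"),    # protocol too old
]

if __name__ == "__main__":
    for proto, cipher in SAMPLES:
        print(proto, cipher, check(proto, cipher) or "ok")
```

Feeding the result of `probe(host)` into `check` gives a repeatable regression test for a service's TLS configuration.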
The Kontent.ai infrastructure runs on Microsoft Azure. Whenever you add or change the content in Kontent.ai, it’s stored in a Microsoft Azure data center. To secure your data at rest, we use service-managed transparent data encryption. Your data is safely encrypted at rest using the industry-standard AES 256 cipher. This way we protect the confidentiality of your data stored on physical disks in any digital format. This is also a requirement for all Kontent.ai providers that store customer data in any form.
Other uses of encryption
We also use encryption to ensure the integrity of data. That is to ensure that the data hasn’t been modified since its creation. For example, for the signatures of API keys used by Kontent.ai APIs, we use the RSA signature and HMAC with the SHA-256 hash function (HMAC-SHA-256). This way we can ensure that the API keys were issued by Kontent.ai or Auth0 as an identity provider. To generate cryptographically strong random values, we use the .NET Random Number Generator. For sensitive operations and applying cryptographic protection in general, we use the HMAC-SHA-256 or SHA-256 algorithms.