Cryptography & Encryption

For data in transit, do you leverage encryption to protect data during transport across and between networks instances including services like SSH, HTTPS, etc.?

"Yes, we use AES 256-bit encryption. All the network communication for network communication is encrypted with the industry standards. Note - Please provide supporting documentation defining encryption standards and technologies."

Do you encrypt data at rest?

All data volume is encrypted with AES 256-bit encryption to prevent any external snooping or unauthorized access in the multi-tenant environment.

Do you segregate multi-tenant data using encryption?

Yes, the data is segregated with a client-specific key for proper handling and representation.

Do you provide native encryption capability for sensitive data fields? If so, are there any limits on the number of fields?

Yes, there's a native encryption capability when it comes to sensitive data fields. As each field is equally intricate, there are no limits to such fields.

Do you have controls in place to ensure User IDs and passwords are transmitted in an encrypted format?

User IDs and passwords must transmit through stringent checks in an encrypted format that complies with the current Technical Security Baseline Standards.

Are passwords stored in an encrypted or a single, one-way hash?

The passwords are stored after encryption for maximum security of data.

Do you support secure deletion (e.g., degaussing/cryptographic wiping) of archived and backed-up data as determined by the tenant?

"Yes, our policies and procedures are established as per implemented mechanisms for secure disposal and removal of data from every storage media. By this, it rests assured that the data can't be recovered by any computer forensic means. We assure secure data disposal when storage is decommissioned or when the contract comes to an end."

Can you provide a published procedure for exiting the service arrangement, including assurance to sanitize all computing resources of tenant data once a customer has exited your environment or has vacated a resource?

"Please refer ""Do you support secure deletion of data?"" for an explanation. As for the procedure, here's the protocol that we follow:

  • Storage Period would be as per regulatory conditions.

  • Personal data can be deleted based on a formal written request, with justification.

  • Xoxoday would delete the data within 30 days of receiving the request"

Do you allow tenants to use their own certificates?

No, users must use certificates from Xoxoday. They are benchmarked as per the best industrial standards to ensure complete encryption of data.

Do you utilize open encryption methodologies any time your infrastructure components need to communicate with each other via public networks (e.g., Internet-based replication of data from one environment to another)?

No, open encryption has proven to show cracks and bruises and that's why we only equip data traversing public networks with industrial standards to ensure protection from fraud, unauthorized disclosure, modification, or compromise of data.

Are TCCC approved technologies used to transfer personal data? (Other than e-mail)

Yes, personal data is to be transmitted using firmly approved encrypted systems and in no way is to be transmitted via email.

Are virtual images hardened by default to protect from unauthorized access?

Yes, the hardened images are secure from any malicious leak or unauthorized access. These hardened images do not contain any authentication credentials.

Do you support end-to-end encryption of tenant's data in transit across all security zones?

Yes, our network communication is encrypted with highly restricted protocols to ensure maximum security.

Do you allow your tenant to manage all cryptographic keys (e.g., data encryption, SSL certificates) for sensitive data?

No, the cryptographic keys, including data encryption and SSL certificates are managed by Xoxoday for optimal security of sensitive data.

Do you support end-to-end encryption of tenant's data in transit across all security zones?

Yes, our network communication is encrypted with highly restricted protocols to ensure maximum security.

Do you allow your tenant to manage all cryptographic keys (e.g., data encryption, SSL certificates) for sensitive data?

No, the cryptographic keys, including data encryption and SSL certificates are managed by Xoxoday for optimal security of sensitive data.

Contents
For data in transit, do you leverage encryption to protect data during transport across and between networks instances including services like SSH, HTTPS, etc.?
Do you encrypt data at rest?
Do you segregate multi-tenant data using encryption?
Do you provide native encryption capability for sensitive data fields? If so, are there any limits on the number of fields?
Do you have controls in place to ensure User IDs and passwords are transmitted in an encrypted format?
Are passwords stored in an encrypted or a single, one-way hash?
Do you support secure deletion (e.g., degaussing/cryptographic wiping) of archived and backed-up data as determined by the tenant?
Can you provide a published procedure for exiting the service arrangement, including assurance to sanitize all computing resources of tenant data once a customer has exited your environment or has vacated a resource?
Do you allow tenants to use their own certificates?
Do you utilize open encryption methodologies any time your infrastructure components need to communicate with each other via public networks (e.g., Internet-based replication of data from one environment to another)?
Are TCCC approved technologies used to transfer personal data? (Other than e-mail)
Are virtual images hardened by default to protect from unauthorized access?
Do you support end-to-end encryption of tenant's data in transit across all security zones?
Do you allow your tenant to manage all cryptographic keys (e.g., data encryption, SSL certificates) for sensitive data?
Do you support end-to-end encryption of tenant's data in transit across all security zones?
Do you allow your tenant to manage all cryptographic keys (e.g., data encryption, SSL certificates) for sensitive data?