
If data requiring special protection is processed in a web service, this data must be individually protected by using end-to-end mechanisms at the application level (end-to-end), such as XML encryption.
 

Because transport encryption is already terminated on outer layers, and because of possible payload logging and "hop by hop" communication, pure transport encryption in most cases does not offer sufficient protection for particularly confidential data.

Examples of data requiring special protection are medical data, criminal records, bank details of a person, quarterly figures before publication and draft contracts with high financial volume.

Motivation: Due to the special need for protection, confidentiality protection is required for certain data even if they are encrypted for transport or transmitted via secure networks.

 

Please specify product compliance as well as the corresponding method

FSM 6 does not currently provide support for E2EE as is being suggested here, nor is it planned at this time.

For transport security, we use SSL, which provides secure transport of all data.

Data at rest can be secured through encryption, but this needs to be addressed on a field-by-field basis. We offer this encryption for all attributes which we have determined to be sensitive, but there is a very limited amount of data in our system which falls into this category: passwords, etc. The data examples that you have noted above do not apply to our application: no payment info, medical data, personally sensitive data, etc.

