We maintain all internal testing and validation data in a production-stack equivalent internal stack populated with fictitious data, meaning Postman does not distribute customer data for internal testing or validation purposes.Ĭustomers, security teams, and developers can use configurable security rules and capabilities to improve API governance and security, such as identifying weaknesses and areas for improvement. In addition, we have key management capabilities to encrypt sensitive data at the application layer. Postman also encrypts your data using a key management service from AWS. We encrypt sensitive data, including environment variables, access and refresh tokens, and Amazon Web Services (AWS) secret keys. Other encryption methods include securing customer and company data at the application layer using AES-256-GCM. The Advanced Encryption Standard with Galois Counter Mode (AES-GCM) provides authenticated encryption, which ensures data confidentiality and integrity. By default, encryption is also enabled on all our services that contain data at rest.Īlso, your sensitive data at rest is encrypted on the server side before storage using AES-256-GCM. For example, all communications and data in transit over the internet require the latest version of Transport Layer Security, a cryptographic protocol that provides end-to-end encryption. We use cryptographic methods and industry standards to protect customer data in transit between Postman clients, the cloud, and at rest.
We have also instituted per-service access protection and data isolation. Data is stored with at least dual redundancy, with 15-day backups, and is accessible only in the private cloud. All customer data is stored on the Amazon Relational Database Service and configured securely.
0 kommentar(er)
