Encryption at Zoho Analytics

Encryption is predominantly used to prevent data exfiltration or theft, and to ensure secure data transfer between applications. Encryption is done by converting the information from a readable format to an encoded format using algorithms. Encrypted information can be accessed only by authorized parties, thereby preventing unauthorized access.

Encryption can be done at two levels,

• Encryption at Transit
• Encryption at Rest

Encryption in Transit

It refers to data that is encrypted when it is in transit — including from your browser to the web server and other third parties via integrations. Encrypting data in transit protects your data from man-in-the-middle attacks. 

Learn more about Encryption in Transit

Encryption at Rest

This refers to the data that is encrypted when it is stored, either on a disc, in a database, or some other form of media. In addition to encryption of data during transit, encryption of data when it is stored in the servers provides a higher level of security. EAR protects against any possible data leak due to server compromise or unauthorized access.

Encryption is done at the application layer using the AES-256 algorithm which is a symmetric encryption algorithm and uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called Data Encryption Key (DEK). The DEK is further encrypted using the KEK (Key Encryption Key), thus, providing yet another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS).

Learn more about our key management service

What data do we encrypt in Zoho Analytics?

We encrypt the data marked as PII (Personally Identifiable Information), ePHI (Electronically Protected Health Information),and the credentials used for importing and exporting data to the other destinations and sources, respectively.

Full Disk Encryption

Besides application-layer encryption, full disk encryption is available in our IN (India), AU (Australia), and JP (Japan) data centers.

Learn more about Full Disk Encryption

Marking Personal Data

Zoho Analytics allows you to mark columns as Personally Identifiable Information (PII). This could be any information that could potentially identify an individual, for example. Name, Email, Job role, Company name etc. When a column is marked as PII, additional care will be taken in handling such data. The data will be encrypted and saved in our servers. The below-animated image shows how to mark a column as PII.

While exporting views, columns marked as PII are not selected by default. Users will have to select columns manually. This acts as an additional measure to safeguard the data.