Data Encryption – At Rest and In Transit

🔐 Data Encryption – At Rest and In Transit

➡️ Purpose

To ensure the confidentiality and integrity of customer data stored and transmitted across Jisr’s cloud-native infrastructure by implementing robust encryption controls aligned with industry best practices and regulatory requirements.

🔐 Encryption at Rest

Overview:
Encryption at rest protects customer data stored on physical media (e.g., SSDs, disks, backups) from unauthorized access.
 

Jisr Implementation:

• All customer data is encrypted at rest by default:
  • In Google Cloud Platform (GCP) for data hosted within Saudi Arabia.
  • In Amazon Web Services (AWS) for data hosted outside the Kingdom.
• Encryption is applied at the storage layer using AES-256 encryption.
• GCP utilizes the Tink cryptographic library, which includes BoringCrypto, a FIPS 140-2 validated module, to ensure consistent encryption across services.
• All disks, snapshots, and backups are encrypted automatically.

📎 For more details: GCP Default Encryption Documentation

🔐 Encryption in Transit

Overview:
Encryption in transit protects data as it moves between systems, users, and environments.

Jisr Implementation:

• All communication between services, clients, and APIs is secured using Transport Layer Security (TLS).
• Only TLS 1.2 and TLS 1.3 protocols are supported.
• All public-facing services use HTTPS.
• Internal services leverage secure communication channels, including mutual TLS (mTLS) where required.
   
   

✅ Summary of Encryption Controls