Data Encryption
Data in Transit
The service supports only HTTPS communication. The web server is configured to allow only incoming connections protected with TLS 1.2 or higher. A certificate issued by a certification authority is used.
Data at Rest
All customers’ data hosted in Google Cloud, including data in Google Cloud Storage and Cloud SQL Service databases, is encrypted using the AES-256 encryption algorithm.
Key Management
Encryption keys are managed using Cloud Key Management Service (KMS). Access to Cloud KMS is restricted by role and strictly managed. Access to the actual keys is prohibited. Encryption keys are customer-specific and unique for each customer/tenant. The customer has no access to the Key Management Service and cannot manage the keys in the Chronicle SOAR-hosted service environment. Encryption keys are rotated on an annual basis.