Shield FAQ
Find answers to some of the frequently asked questions about Shield.
- What You Can Encrypt
Shield supports encryption of your data residing in data stores managed by Reltio in AWS using a Customer Managed Key (CMK). By default, your data stored in Reltio-managed data stores is encrypted using the cloud provider platform's native encryption technologies.
- How Shield Encryption Works
Shield encrypts the files used by data stores within Reltio. Secret encryption keys are used to encrypt and decrypt data. Encryption keys are never written to disk by Reltio services, reducing the chance of compromise. Instead, special agents hold the keys in memory, which increases key security.
- Managing Your Key Rotation
Key rotation is the process of moving to a new encryption key. It may be triggered manually during a security incident, or automatically according to a defined schedule. Key rotation limits the exposure of data if a key is compromised. Because re-encrypting large volumes of data can take some time, Shield allows data to be re-encrypted without blocking access to live data. Re-encryption is performed as a background process, and Shield manages this background job on behalf of the customer. The Key Rotation Period can be set between six months (180 days) and two years (730 days).
- Who Can Access Shield?
Shield can be accessed by Shield Administrators (for granted tenants) and authorized Reltio Information Security (InfoSec) team members. Access to Shield is logged and audited by the InfoSec team.
- Do I need a specific role to use Shield APIs?
Yes, you must have the ROLE_ADMIN_SHIELD role to make Shield API requests.
- Is Shield For Me?
Shield is for customers who need an additional layer of security to safeguard their data residing in Reltio data stores. It enables you to add an enhanced level of encryption for data at rest (beyond the standard encryption). Shield lets you manage keys and policies in accordance with your organizational requirements using a Customer Managed Key (CMK). Shield helps your organization comply with the privacy policies, regulatory requirements, and contractual obligations for handling sensitive data.
- How to Get Shield?
Shield is an add-on subscription to your base license. To get a quote, contact sales@reltio.com.