Skip to main content

What encryption does the Cado platform use in AWS?

General

The default VPC and Subnet create an isolated environment to which customers can control access rights. When processing data, the Cado worker instances are launched within the same VPC as the main Cado instance. Worker instances are started using the same AMI as the main Cado instance as well.

AWS

During deployment, by default, an S3 bucket, a VPC and a Subnet are created for use by the Cado solution.

During deployment, a default S3 bucket for collections is created. This can be customized, including to use an existing bucket, but by default the created S3 Bucket is encrypted with server-side encryption using AES256 (SSE-AES256 - See Protecting data with server-side encryption. Attached EBS volumes are encrypted using KMS. Access to EFS/NFS is over TLS . Secrets are stored using AWS Secrets Manager.

Some settings can be customized, and you may wish to enable key rotation as well .