Data Encryption

Encryption in Transit (HTTPS) 

All data transmitted between Talenteria clients, APIs, and backend services is encrypted in transit using HTTPS with Transport Layer Security (TLS). 

Talenteria enforces: 

  • HTTPS for all web and API traffic
  • Minimum TLS version: 1.2
  • Strong, industry-standard cryptographic ciphers 

TLS encryption protects data confidentiality and integrity during transmission and mitigates risks such as interception and man-in-the-middle attacks. Encryption in transit is applied automatically and transparently and aligns with industry best practices and compliance requirements, including FIPS 140-2–compliant cryptography.

SQL DBs (data storage) 

Storage type: Premium SSD LRS 

Security type: Standard 

Encryption type: Platform-managed key 

Azure managed disks are encrypted with Azure Storage encryption, which uses server-side encryption (SSE) to protect your data and to help you meet your organizational security and compliance commitments. Azure Storage encryption automatically encrypts your data stored on Azure managed disks (OS and data disks) at rest by default when persisting it to the cloud. 

Data in Azure managed disks is encrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.

All managed disks, snapshots, images, and data written to existing managed disks are automatically encrypted at rest with platform-managed keys. Microsoft manages platform-managed keys.

Details: https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption 

Azure Storage (document storage) 

Require secure transfer for REST API operations: Enabled 

Storage account key access: Enabled 

Minimum TLS version: Version 1.2 

Infrastructure encryption: Disabled

The data is encrypted using two primary methods: Transport Layer Security (TLS 1.2) for data in transit and Server-Side Encryption (SSE) with Microsoft-managed keys for data at rest. Azure Storage uses service-side encryption (SSE) to automatically encrypt the data when it's persisted to the cloud. Azure Storage encryption protects the data and helps you meet your organizational security and compliance commitments. Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows. Azure Storage encryption is enabled for all storage accounts, including both Resource Manager and classic storage accounts. Azure Storage encryption cannot be disabled.

Data in a storage account is encrypted regardless of performance tier (standard or premium), access tier (hot or cool), or deployment model (Azure Resource Manager or classic). All new and existing block blobs, append blobs, and page blobs are encrypted, including blobs in the archive tier. All Azure Storage redundancy options support encryption, and all data in both the primary and secondary regions is encrypted when geo-replication is enabled. All Azure Storage resources are encrypted, including blobs, disks, files, queues, and tables. All object metadata is also encrypted. 

Details: https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption
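The storage account settings listed above can be checked for drift with a short script. The following is an added example, not Talenteria's own tooling: it assumes the account properties are exported as JSON using the field names the Azure CLI prints for `az storage account show`, the sample record is constructed, and the handling of `null` values reflects assumed service defaults.

```python
import json

# Constructed sample shaped like `az storage account show` output (assumption);
# it is not taken from a real Talenteria account.
SAMPLE = json.loads("""
{
  "enableHttpsTrafficOnly": true,
  "minimumTlsVersion": "TLS1_2",
  "allowSharedKeyAccess": null,
  "encryption": {"keySource": "Microsoft.Storage",
                 "requireInfrastructureEncryption": null}
}
""")

TLS_ORDER = ["TLS1_0", "TLS1_1", "TLS1_2", "TLS1_3"]


def effective_settings(account):
    """Resolve nulls to the defaults assumed here and return comparable values."""
    enc = account.get("encryption") or {}
    shared_key = account.get("allowSharedKeyAccess")
    return {
        "secure_transfer": account.get("enableHttpsTrafficOnly") is True,
        "min_tls": account.get("minimumTlsVersion"),
        # Assumption: null means shared-key access is allowed (service default).
        "shared_key_access": True if shared_key is None else bool(shared_key),
        "key_source": enc.get("keySource"),
        # Assumption: null means the second (infrastructure) layer is off.
        "infrastructure_encryption": bool(enc.get("requireInfrastructureEncryption")),
    }


def audit(account):
    """Return findings where the account differs from the settings on this page."""
    s = effective_settings(account)
    findings = []
    if not s["secure_transfer"]:
        findings.append("secure transfer is not required; plain HTTP is accepted")
    tls = s["min_tls"]
    if tls not in TLS_ORDER or TLS_ORDER.index(tls) < TLS_ORDER.index("TLS1_2"):
        findings.append(f"minimum TLS version is {tls!r}, below TLS 1.2")
    if s["key_source"] != "Microsoft.Storage":
        findings.append(f"key source is {s['key_source']!r}, not Microsoft-managed")
    if s["infrastructure_encryption"]:
        findings.append("infrastructure encryption is on; page states Disabled")
    if not s["shared_key_access"]:
        findings.append("shared key access is off; page states Enabled")
    return findings
```

An empty list from `audit(SAMPLE)` means the exported properties match the documented configuration; an unset or unrecognised `minimumTlsVersion` is reported as a finding rather than assumed compliant.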