The security page mentions the communications are 256 bit SSL however it is not clear if the encryption is complete end our end encryption and if the data that is stored on the server is itself encrypted using a private key.
Our security recommendations state we can use cloud services but the encryption should be end to end and the data stored on the cloud should be encrypted using a key unique to our company so if any data was accessed it would not be readable unless someone had the company decryption key.
Could the page on security be updated or more details be give here?
Having more details will definitely help with decisions about licensing the service for our chat solution. I am sure it will likely help other companies make a similar decision.
Hi @Edwin Smith,
HipChat uses TLS transport for web, XMPP and mobile notifications. The cloud product does not use a unique per-customer key for encrypting data at rest.
HipChat Server can be deployed in your own AWS account or servers and that may allow you to meet your security policy needs.
Can you clarify if the chat data stored on the server is always encrypted or not. I understand it is not encrypted by a unique key but it's not clear to me if just the logins are encrypted or if all HipChat chat data stored on the Cloud server is encrypted using a standard server wide key.
...from the beginning. We have built up a lot of content in HipChat, with it being a core tool in our distributed company model. While it is true that we didn’t need to move to Slack immediately, we felt it...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs