Does the cloud server use end to end encryption and is the cloud data also encrypted?

Edwin Smith November 2, 2015

The security page mentions the communications are 256 bit SSL however it is not clear if the encryption is complete end our end encryption and if the data that is stored on the server is itself encrypted using a private key.

Our security recommendations state we can use cloud services but the encryption should be end to end and the data stored on the cloud should be encrypted using a key unique to our company so if any data was accessed it would not be readable unless someone had the company decryption key.

Could the page on security be updated or more details be give here? 

Having more details will definitely help with decisions about licensing the service for our chat solution. I am sure it will likely help other companies make a similar decision.

1 answer

1 vote
wdehaan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 2, 2015

Hi @Edwin Smith,

HipChat uses TLS transport for web, XMPP and mobile notifications. The cloud product does not use a unique per-customer key for encrypting data at rest.

HipChat Server can be deployed in your own AWS account or servers and that may allow you to meet your security policy needs.

Edwin Smith November 2, 2015

Can you clarify if the chat data stored on the server is always encrypted or not. I understand it is not encrypted by a unique key but it's not clear to me if just the logins are encrypted or if all HipChat chat data stored on the Cloud server is encrypted using a standard server wide key.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events