From c57645a8d8ff8b3385f5bde4b7035ff5d3847b84 Mon Sep 17 00:00:00 2001 From: dte-arm Date: Fri, 10 Apr 2026 16:23:29 +0400 Subject: [PATCH] Add KB article: Does NDC encrypt data at rest and in transit? ## Summary Adds a customer-facing KB article for Netwrix Data Classification covering encryption of data at rest and in transit. ## Notes - Customer-facing wording only - Excludes internal implementation details - Covers protected stored data, transport security, authentication, and optional extracted text encryption --- ...ndc-encrypt-data-at-rest-and-in-transit.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 docs/kb/dataclassification/authentication-and-security/does-ndc-encrypt-data-at-rest-and-in-transit.md diff --git a/docs/kb/dataclassification/authentication-and-security/does-ndc-encrypt-data-at-rest-and-in-transit.md b/docs/kb/dataclassification/authentication-and-security/does-ndc-encrypt-data-at-rest-and-in-transit.md new file mode 100644 index 0000000000..8764e7ae88 --- /dev/null +++ b/docs/kb/dataclassification/authentication-and-security/does-ndc-encrypt-data-at-rest-and-in-transit.md @@ -0,0 +1,69 @@ +# Does Netwrix Data Classification (NDC) encrypt data at rest and in transit? + +## Summary + +Yes. Netwrix Data Classification (NDC) supports encryption for sensitive data both at rest and in transit. + +NDC encrypts sensitive stored data such as credentials, secrets, tokens, and other confidential configuration values before storage. NDC also supports secure communication for web traffic, APIs, database connections, cloud integrations, and outbound email, depending on deployment configuration. + +## Applies To + +- Netwrix Data Classification (NDC) + +## Information + +### Data at Rest + +NDC encrypts sensitive stored data to help protect it from unauthorized access. + +Examples include: +- System credentials +- Connector secrets +- OAuth tokens +- API keys +- Client secrets +- Private keys +- Passwords +- Certificate thumbprints + +NDC also supports optional encryption of extracted text data. This feature can be enabled when required by an organization’s security policy. + +### Data in Transit + +NDC supports secure communication methods to protect data in transit. + +This includes: +- HTTPS for web application traffic +- HTTPS for API communication +- Encrypted database connections, where configured +- HTTPS for supported cloud integrations +- TLS/SSL for outbound SMTP, where configured +- Encrypted communication between internal services + +### Authentication + +NDC supports the following authentication methods: +- Windows Authentication +- Forms Authentication +- Azure AD +- SAML + +Authentication-related data is protected using established platform security controls. + +### Cryptographic Support + +NDC includes standard cryptographic capabilities to support secure product operation, including: +- AES encryption for sensitive stored data +- SHA-256 for hashing-related operations +- X.509 certificate support for certificate-based scenarios +- Secure key exchange support for distributed deployment scenarios + +## Resolution + +No action is required to enable core encryption support for sensitive data handling in NDC. + +Customers with specific security or compliance requirements should review their deployment configuration to confirm that optional settings such as HTTPS enforcement, database transport encryption, SMTP encryption, and extracted text encryption are enabled according to organizational policy. + +## Additional Information + +Actual encryption behavior may vary depending on deployment architecture and configuration. For environment-specific validation, review the deployed settings in your environment or contact Netwrix Support.