
Encryption for data in transit

Marcel
New Contributor III

Looking at the available documentation:

https://docs.saviyntcloud.com/bundle/EIC-Architecture/page/Content/Saviynt-Architecture.htm#Visibili
https://forums.saviynt.com/t5/identity-governance/encryption-used-in-saviynt-cloud-for-the-data-pres...

Saviynt supports data encryption in transit via SSL (and VPC / VPN). Strong encryption schemes such as AES (256 / 128 bit) and 3DES are supported. Data at rest is encrypted via native DB encryption. Currently, only predefined data fields are encrypted at rest.

From our logs we can see that Saviynt is using port 8080, which (usually) means unencrypted HTTP traffic. Why is Saviynt not using encryption in transit as advertised?


Rishi
Saviynt Employee

@Marcel, which logs are you referring to where port 8080 is used? Please provide more details. (Remember to mask any PII data while providing details.)

Marcel
New Contributor III

Hi @Rishi ,

The logs I'm referring to are the Saviynt application logs. (Admin --> Admin Function --> Application logs)
Both ECM and Ingress-nginx tell me that port 8080 is used:

Marcel_0-1684336371900.png

 

Rishi
Saviynt Employee

These are internal communications between services. Internally, microservices talk to one another in huge numbers per second over non-SSL connections, but the traffic doesn't go outside the cluster. Internal microservices talk to each other on a non-SSL port, as certificate-based encryption/decryption is not needed if the traffic is within the cluster, and if enforced, there will be huge latency, as encryption/decryption is a costly process. Any traffic that goes outside or comes inside the cluster happens on an SSL port only and is enforced at the infra level.

Marcel
New Contributor III

Then why is Saviynt advertising that all data in transit is encrypted? This is not how the product was sold to us!

8080 port needs to be encrypted?


Regards,
Rushikesh Vartak

Rishi
Saviynt Employee

This is communication between two services within the application. Any transaction data from the application or to the application is always encrypted.

As far as security is concerned, this does not cause any issue. Let us know if you have any follow-up questions or concerns.

 

Marcel
New Contributor III

You are claiming it is "not required", but it is being sold as "encrypted in-transit".
Even data in-transit between (micro)services should always be encrypted, as it still is an attack vector and we were promised that it would be encrypted.

If you are riding on a train from China to Finland, you don't want the carriage to suddenly disappear around you while in Russia. You are still moving, but don't have any protection against the bullets flying around.
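
The thread infers "unencrypted" from the port number 8080; the first bytes a client sends on a connection settle the question either way, since a TLS session opens with a handshake record and plain HTTP opens with a readable request line. The following is an added example, not part of the thread and not Saviynt code, that classifies captured first bytes per destination port; the sample flows, host names and paths are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")

# Constructed sample data: start of a TLS ClientHello (record type 22,
# version 3.1, length 200, handshake type 1) and two plain HTTP requests.
CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32
SAMPLE_FLOWS = [
    (8080, b"GET /health HTTP/1.1\r\nHost: svc-a\r\n\r\n"),
    (443, CLIENT_HELLO),
    (8080, CLIENT_HELLO),  # TLS on 8080: the port number alone proves nothing
    (8443, b"POST /api/items HTTP/1.1\r\nHost: svc-b\r\n\r\n"),
]


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http-plaintext' or 'unknown' for the first client bytes."""
    if len(data) >= 6:
        # TLS record header: content type (1), version (2), length (2).
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        # Handshake record (22), version 3.x, sane length, ClientHello (1).
        if (ctype == 22 and major == 3 and minor <= 4
                and 0 < length <= 16384 and data[5] == 1):
            return "tls"
    if data.startswith(HTTP_METHODS):
        request_line = data.split(b"\r\n", 1)[0]
        # A plaintext request line ends with an HTTP version token.
        if request_line.rsplit(b" ", 1)[-1].startswith(b"HTTP/"):
            return "http-plaintext"
    return "unknown"


def plaintext_ports(flows):
    """Sorted destination ports on which cleartext HTTP was observed."""
    return sorted({port for port, first in flows
                   if classify_first_bytes(first) == "http-plaintext"})


if __name__ == "__main__":
    for port, first in SAMPLE_FLOWS:
        print(port, classify_first_bytes(first))
    print("cleartext HTTP seen on ports:", plaintext_ports(SAMPLE_FLOWS))
```
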