We asked our CSM these questions and received the generic information about best practices being followed. Our need for this information is to inform our compliance team to complete a control doc for a SOC audit.
We need to better understand which DB technology is used, which DB fields are encrypted, and the encryption keys are managed and rotated?
Since Saviynt doesn't have access to our data, is it safe to assume that they do not have access to the encryption key(s) used?
Hi @steve_crawford ,
From past experiences I figured out that Saviynt was using MySQL as DB technology. I believe this is still the case as of now.
For encryption, these are the ones I remember :
Hope this answers part of your question.