We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Which DB technology is used to store data and DB fields are encrypted

steve_crawford
New Contributor
New Contributor

We asked our CSM these questions and received the generic information about best practices being followed. Our need for this information is to inform our compliance team to complete a control doc for a SOC audit.

We need to better understand which DB technology is used, which DB fields are encrypted, and the encryption keys are managed and rotated?

Since Saviynt doesn't have access to our data, is it safe to assume that they do not have access to the encryption key(s) used?

Many TIA!
Steve

2 REPLIES 2

adriencosson
Regular Contributor III
Regular Contributor III

Hi @steve_crawford ,

From past experiences I figured out that Saviynt was using MySQL as DB technology. I believe this is still the case as of now.

For encryption, these are the ones I remember :

  • password column in users table.
  • changelog column in usershistory as it is stored in a Long Blob format (but now accessible through Analytics)
  • All the connection details implying credentials : service account password, ConnectionJSON, password policy, etc.

Hope this answers part of your question.

Regards,
Adrien COSSON

steve_crawford
New Contributor
New Contributor

This is helpful, thank you Adrien!