We have a few queries regarding Runscope features with relation to one of our clients, about how Cryptography and Encryption take place in Runscope.
1) Does Runscope exist to perform encryption at rest and in transit?
2) Does full disk encryption exist?
3) Is reporting capable and will it be shared with security when requested?
4) Does Runscope prove compliance of the ISMP with reference to all cryptography related controls?
Runscope uses GCP as our Cloud Infrastructure provider.
Runscope data is stored in a Postgres database on GCP.
Runscope uses Secure HTTP (HTTPS) for all communication between the client apps and our servers.
Data is AES-256-GCM/SHA-256 encrypted and sent over TLS 1.2 during transit through HTTP protocol.
Data, depending upon its sensitivity classification, is AES-125, AES-256 encrypted at the application layer prior to storage.
We are also using GPG encryption for backups.