cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
auerbach
Community Participant

Is Canvas Data encrypted at rest?

I can't find anything in the documentation discussing encryption for Canvas Data. When the data is instantiated in Redshift, is encryption enabled to protect data at rest? Is there any encryption on the flat file repository?

Glenn Auerbach

University of Michigan

3 Replies
ccoan
Instructure
Instructure

Hello Glenn,

Canvas Data currently has flat file repository currently has an S3 Bucket encryption policy set on the server side from loading, and translating those flat files. When downloaded over HTTPS it meets the encryption in transit.

As for Redshift instances they communicate over SSL for encryption in transit, and it is on the todo list to implement at rest encryption for redshift, as well as enforce encryption on the server side policy. As for who can connect to your redshift instance it is only users in your Canvas Data portals due to the way AWS sets ups Users, and have their IAM. If you have further questions you can contact Canvas Support, your CSM, or IC.

mary_speight
Community Participant

Has this been implemented?

Hosted Canvas Data files are stored with Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3)

The files are downloaded over HTTPS as Cynthia (ccoan) mentioned.

The files themselves are not encrypted.