Encrypting protected data in the cloud

When the Workforce Management (WFM) application is running in Commercial Cloud or GovCloud mode, AWS Key Management Service (AWS KMS) encrypts the keys that the application uses to encrypt your data.

The data keys that encrypt your data are themselves protected by encryption under another key, known as a master key. For cloud deployments, the master key is stored and managed securely in AWS KMS. The master key, known as a customer master key in AWS KMS, can only be accessed through AWS KMS.

When encrypting, WFM calls AWS KMS to obtain the value of the encrypted data key and uses it to produce the encrypted value of the data. The same process is used for decryption.
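
The flow described above, as an added Node.js example that is not WFM or AWS code. It assumes that the KMS call unwraps a stored, encrypted data key and that data is encrypted with AES-256-GCM; `makeStubKms`, `withDataKey`, `encryptField` and `decryptField` are hypothetical names, and a local stub stands in for AWS KMS so the example runs offline.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM; the output layout is nonce (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or any byte was modified.
function unseal(key, blob) {
  if (blob.length < 28) throw new Error('ciphertext too short');
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12), { authTagLength: 16 });
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Hypothetical stand-in for AWS KMS (not the AWS SDK): the master key stays in this closure.
function makeStubKms() {
  const masterKey = randomBytes(32);
  return {
    newWrappedDataKey: () => seal(masterKey, randomBytes(32)),
    unwrap: (wrappedKey) => unseal(masterKey, wrappedKey),
  };
}

// Application side: only the wrapped data key is stored. Each operation asks the
// stand-in for the plaintext key, uses it once, then zeroes the buffer.
function withDataKey(kms, wrappedKey, operation, input) {
  const dataKey = kms.unwrap(wrappedKey);
  try {
    return operation(dataKey, input);
  } finally {
    dataKey.fill(0);
  }
}
const encryptField = (kms, wrappedKey, text) =>
  withDataKey(kms, wrappedKey, seal, Buffer.from(text, 'utf8'));
const decryptField = (kms, wrappedKey, blob) =>
  withDataKey(kms, wrappedKey, unseal, blob).toString('utf8');

// Constructed sample run: what gets stored is the wrapped key and the ciphertext.
function demo() {
  const kms = makeStubKms();
  const wrappedKey = kms.newWrappedDataKey();
  return decryptField(kms, wrappedKey, encryptField(kms, wrappedKey, 'constructed shift record'));
}
console.log(demo());
```

Because the stored data key is wrapped under the master key, a copy of the database alone (wrapped key plus ciphertext) cannot be decrypted without a successful call to the key service.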