Data security rules for IDaaS

CIAM protects user data through three mechanisms: system key algorithm, key rotation, and sensitive data masking. This document explains how each mechanism works and how to configure them to meet your enterprise security and compliance requirements.

Data security components

CIAM's data security protection consists of the following components:

| Component | Purpose |
| --- | --- |
| System key algorithm | Manages encryption algorithms for all data at rest in your system |
| Key rotation | Replaces existing data keys in response to security incidents or for proactive security hardening |
| Sensitive data masking | Restricts visibility of personal data fields in the console to authorized users only |

System key algorithm

The System key algorithm section in the console shows the encryption algorithms and related information used for all encrypted data in your system. The encryption service generally uses the default setting.

To use Key Management Service (KMS) keys instead of the default configuration, contact the IDaaS team.

Key rotation

Key rotation replaces existing data keys with new ones when a security issue is anticipated or has occurred, providing your data with the strongest available protection.

Rotate a data key

  1. Go to Risk Governance > Data Security > Key Rotation. This page shows current key information and all historical key records.

  2. Click Update Key.

  3. In the pop-up card, enter a new key version name, then click Save.

Sensitive data masking

Many user data fields are sensitive — including name, gender, age, and certificate number. Sensitive data masking hides these fields in the console so that only designated people with permission to view sensitive data can see unmasked data.

Enable sensitive data masking

In Risk Governance > Data Security > Sensitive Data Masking, turn on the Enable Sensitive Data Masking switch.

Grant an administrator permission to view personal data

  1. Go to Settings > Other Settings.

  2. Find the target administrator and click Edit in the operation column.

  3. If the administrator has permission to view account information, toggle the View Privacy Data switch as needed.

  4. Click Save.