Bring Your Own Key Encryption
The Bring Your Own Key (BYOK) feature in Magnit VMS allows you to encrypt data for a client organization where the client has custody of the encryption key and controls the encryption process. Sensitive data fields in the application's database are encrypted. The encryption includes 48 data fields that may contain personal data for candidates, workers, managers, engagements and client organizations.
- 8-00 PM - 08-00 AM CET for EU Magnit VMS
- 6-00 PM - 08-00 AM PT for US Magnit VMS
The system uses AES (Advanced Encryption Standard, ISO/IEC 18033-3). The key can be either AES-256 or AES-192. A key can be generated by the system or input by a user. The key may be uploaded as a file encrypted with a Magnit public key.
It is important to note that enabling encryption affects the Reporting module in the VMS. Once enabled, only reports that support the reading of encrypted fields in the database are visible to users. See Reporting.
The administrator role is applied to client manager users during user creation, or set in the user's account information. A list of BYOK administrators appears in the BYOK configuration for the client organization. For more information about the BYOK Admin role, see Client User Permissions.
Along with sensitive field visibility in the user interface, you can also apply encryption to a client organization's custom fields using the feature. Only new custom fields configured after the feature is enabled can be encrypted. For more information about custom field encryption, see Add Custom Fields.
The encryption does not include passwords, security answers, or supplier banking information. It is also important to note that an administrator can rotate a key value as needed, or remove a key value with or without encryption. If an administrator revokes a key value without setting the decryption option, any native or custom fields that have been previously encrypted remain encrypted in the user interface. See Rotate Encryption Key and Revoke Encryption Key.
The system sends email notifications to BYOK administrators when actions are taken within the feature (for example, key changes). See Encryption Notifications.