Pega Cloud uses data-at-rest encryption (DARE) in all Pega Cloud environments to help secure your application data and comply with industry-standard security requirements. "Data at rest" refers to any content that the cloud service saves on a hard drive.
Encryption of data at rest is implemented for all sandbox and production environments. All client data stored in volumes, databases, and S3 buckets in a Pega Cloud environment are encrypted with 256-bit AWS encryption. The keys are rotated on a regular basis and are securely stored in Amazon KMS.