Skip to main content

Data-at-rest encryption in Pega Cloud

Suggest edit Updated on December 1, 2021

Pega Cloud services uses data-at-rest encryption (DARE) in all Pega Cloud services to help you secure your application data, as well as to help you comply with industry-standard security requirements. "Data at rest" refers to any content that is saved the cloud service.

Encryption of data at rest is implemented across all of the service. All data, including client data stored in volumes, databases, and S3 buckets within the cloud service, is encrypted using 256-bit AES encryption. Depending on your subscription agreement, Pega Cloud stores your data using per client or service-specific encryption keys.

The keys are securely stored in Amazon KMS. Pega uses an automated annual key rotation schedule. Pega is committed to provide the highest level of data security protocols to meet client satisfaction, including support for client-provided key-encryption upon request.

Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us