Pega Cloud services uses data-at-rest encryption (DARE) in all Pega Cloud services to help you secure your application data, as well as to help you comply with industry-standard security requirements. "Data at rest" refers to any content that is saved the cloud service.
Encryption of data at rest is implemented across all of the service. All data, including client data stored in volumes, databases, and S3 buckets within the cloud service, is encrypted using 256-bit AES encryption. Depending on your subscription agreement, Pega Cloud stores your data using per client or service-specific encryption keys.
The keys are securely stored in Amazon KMS. Pega uses an automated annual key rotation schedule. Pega is committed to provide the highest level of data security protocols to meet client satisfaction, including support for client-provided key-encryption upon request.