OnScale uses AWS’s industry-leading data encryption schemes to encrypt data in transit via SSL with 256-bit AES encryption. Data is also encrypted when stored in private buckets on S3. At no point is sensitive customer data decrypted during transfer or storage. Simulation jobs run in private, closed containers that are inaccessible outside of AWS, with hardware-level encryption.
Encryption key management is provided by AWS Key Management Service (KMS). Encryption keys are created locally when a user first authenticates OnScale on his or her local machine. Keys are never shared with OnScale, and KMS provides the encryption scheme that protects data in transit and when it is stored within private AWS S3 buckets.
Identity management is provided by AWS Cognito, which includes optional Multi-Factor Authentication (MFA). User data is stored on the AWS platform, and OnScale does not retain any user identity or authentication data.