Question regarding encryption at rest
We are interested in subscribing to SonarCloud, and have a detailed question on “encryption at rest”.
The security docs say:
“We are sometimes asked if we implement encryption at rest on our servers; we do not. Storage encryption protects only against physical access to storage media. Considering the policies and controls in place in the Tier-4 data centers where SonarCloud is hosted, the value of using storage encryption on servers is extremely low. Encrypting at the database or the application level will impact the performance and the rich functionality provided by our service. That said, we do encrypt our S3 buckets using Server-Side Encryption with AWS S3-Managed Keys.”
Obviously there is some sort of storage encryption at rest: the S3 buckets. Now we’d like to know which sort of data you are storing in the S3 buckets. Is it the source code? If yes, is the source code only stored in the S3 bucket? This is of importance for us, as we may avoid compliance issues if the source code is encrypted at rest. Analysis protocols are regarded as less critical.