Encryption protects the data that is used to process jobs. You can use encryption to protect data at rest, temporary data, and data in transit.
Encryption is available for the following types of data:
Data at rest
By default, each cloud platform encrypts staging and log files. For more information, refer to the cloud provider's documentation.
For information about encrypting source and target data, see the help for the appropriate connector.
If you configure an encryption-related custom property in an Amazon S3 V2 connection, the cluster uses the same custom property to read and write staging data.
Temporary data
Temporary data includes cache data and shuffle data that cluster nodes generate.
To encrypt temporary data, enable encryption in the advanced configuration. If you enable encryption, temporary data is encrypted using the HMAC-SHA1 algorithm by default. To use a different algorithm, contact Informatica Global Customer Support.
Data in transit
By default, cloud providers use the Transport Layer Security (TLS) protocol to encrypt data in transit to and from cloud storage, including staging data and log files.
When encryption is enabled on Microsoft Azure, you can specify the ABFSS protocol when you configure the staging and log locations in an advanced configuration. If encryption is not enabled, you must use the ABFS protocol.
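The ABFS/ABFSS rule above can be checked before a staging or log location is saved. The following is an added example, not Informatica code: the function name `check_azure_location` and the sample account and container names are hypothetical, and it assumes the standard ADLS Gen2 URI form `scheme://container@account.dfs.core.windows.net/path`.

```python
from urllib.parse import urlsplit

# Standard ADLS Gen2 endpoint suffix used in ABFS/ABFSS URIs.
ABFS_HOST_SUFFIX = ".dfs.core.windows.net"


def check_azure_location(location: str, encryption_enabled: bool) -> list[str]:
    """Hypothetical pre-save check for a staging or log location.

    Returns a list of findings; an empty list means the location passes.
    ERROR findings contradict the rule stated in the text; WARN findings
    are allowed by the text but leave the path without TLS.
    """
    parts = urlsplit(location.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("abfs", "abfss"):
        return [f"ERROR: unsupported scheme {parts.scheme!r}, expected abfs or abfss"]

    findings = []
    # netloc has the form container@account.dfs.core.windows.net
    container, sep, host = parts.netloc.rpartition("@")
    host = host.lower()
    if not sep or not container:
        findings.append("ERROR: missing container before '@' in the location")
    if not host.endswith(ABFS_HOST_SUFFIX) or host == ABFS_HOST_SUFFIX:
        findings.append(f"ERROR: host {host!r} is not <account>{ABFS_HOST_SUFFIX}")

    if scheme == "abfss" and not encryption_enabled:
        # The text: if encryption is not enabled, you must use ABFS.
        findings.append("ERROR: abfss is set but encryption is not enabled, use abfs")
    elif scheme == "abfs" and encryption_enabled:
        # The text permits ABFSS here; plain ABFS does not use TLS.
        findings.append("WARN: encryption is enabled but the location uses abfs, "
                        "consider abfss")
    return findings


if __name__ == "__main__":
    # Constructed sample locations, not taken from any real environment.
    samples = [
        ("abfss://staging@exampleacct.dfs.core.windows.net/jobs", True),
        ("abfss://logs@exampleacct.dfs.core.windows.net/cluster", False),
        ("abfs://staging@exampleacct.dfs.core.windows.net/jobs", True),
        ("abfss://exampleacct.dfs.core.windows.net/jobs", True),
    ]
    for uri, enabled in samples:
        print(uri, "encryption =", enabled, "->", check_azure_location(uri, enabled) or "OK")
```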