Encryption at rest

What is Encryption at rest?

Encryption at rest means sensitive data is stored in encrypted form on disk, so that someone with direct access to the database or its backups cannot read it without the decryption key.

For HR data the most sensitive field is usually pay. Encrypting salary at rest limits the damage if a database or backup is ever exposed, and it is a reasonable expectation for any tool holding compensation data.

It works alongside access controls and an audit log: encryption protects the stored data, permissions limit who can see it in the app, and the log records who looked. HREvio encrypts compensation amounts at rest and masks those fields in the audit log.

Related terms

• GDPR for HR
• HR audit log
• Compensation history and effective dating

See also

• HREvio vs Personio
• HREvio vs BambooHR