Add KB article: Does NDC encrypt data at rest and in transit?#740
Merged
Add KB article: Does NDC encrypt data at rest and in transit?#740
Conversation
## Summary Adds a customer-facing KB article for Netwrix Data Classification covering encryption of data at rest and in transit. ## Notes - Customer-facing wording only - Excludes internal implementation details - Covers protected stored data, transport security, authentication, and optional extracted text encryption
hilram7
requested changes
Apr 13, 2026
Collaborator
hilram7
left a comment
There was a problem hiding this comment.
Hi! Before this is merged, the article needs a few structural changes to match our KB style guide — kb_style_guide.md is in the root of the docs/ folder for reference.
- Frontmatter — The article is missing its frontmatter block entirely. All KB articles require: title, description, sidebar_label, keywords, products, tags (must include kb), and knowledge_article_id [if originally from SF or ZD]. See the example block in the style guide's Frontmatter section.
- Article structure — The current sections (## Summary, ## Applies To, ## Information, ## Resolution, ## Additional Information) don't match any of the defined article types. Since this answers a yes/no customer question, the closest fit is the How-To Q&A format, which uses ## Question and ## Answer as the main sections.
- Title — Product names belong in the product's frontmatter field, not the title. Remove "Netwrix Data Classification (NDC)" from the title and define the NDC abbreviation on first use in the article body instead.
To help, here's a revised draft you can:
- Review, and if it looks good to you, then copy/paste into the PR's current file.
- Click the Files changed section at the top of your PR.
- Navigate to the top-right corner of the file and click the three dots.
- Select Edit file to update the draft in a new commit.
---
title: "Data Encryption at Rest and in Transit"
description: >-
Netwrix Data Classification (NDC) supports encryption for sensitive data
at rest and in transit, including credentials, tokens, and API keys.
This article describes NDC's encryption methods, authentication support,
and deployment considerations.
sidebar_label: "Data Encryption at Rest and in Transit"
keywords:
- encryption
- data at rest
- data in transit
- AES
- TLS
- HTTPS
- credentials
- Netwrix Data Classification
- NDC
- security
- cryptography
- certificates
products:
- data_classification
tags:
- kb
knowledge_article_id: kA0Qk000000XXXXKAA
---
# Data Encryption at Rest and in Transit
## Question
Does Netwrix Data Classification (NDC) encrypt data at rest and in transit?
## Answer
Yes. NDC supports encryption for sensitive data both at rest and in transit, depending on deployment configuration.
### Data at Rest
NDC encrypts sensitive stored data to protect it from unauthorized access. This includes:
- System credentials
- Connector secrets
- OAuth tokens
- API keys
- Client secrets
- Private keys
- Passwords
- Certificate thumbprints
NDC also supports optional encryption of extracted text data. Organizations can enable this when required by their security policy.
### Data in Transit
NDC supports secure communication methods to protect data in transit. This includes:
- HTTPS for web application traffic
- HTTPS for API communication
- Encrypted database connections, where configured
- HTTPS for supported cloud integrations
- TLS/SSL for outbound SMTP, where configured
- Encrypted communication between internal services
### Authentication
NDC supports the following authentication methods:
- Windows Authentication
- Forms Authentication
- Azure AD
- SAML
Authentication-related data is protected using established platform security controls.
### Cryptographic Standards
NDC includes standard cryptographic capabilities to support secure product operation:
- AES encryption for sensitive stored data
- SHA-256 for hashing operations
- X.509 certificate support for certificate-based scenarios
- Secure key exchange for distributed deployment scenarios
### Deployment Considerations
Core encryption for sensitive data handling does not require additional configuration. Customers with specific security or compliance requirements
should review their deployment configuration to confirm that optional settings are enabled per organizational policy:
- HTTPS enforcement
- Database transport encryption
- SMTP encryption
- Extracted text encryption
> **NOTE:** Actual encryption behavior may vary depending on deployment architecture and configuration. For environment-specific validation, review the
deployed settings in your environment or contact Netwrix Support.
Updated the document to provide detailed information about Netwrix Data Classification's encryption methods for data at rest and in transit, including authentication methods and deployment considerations.
hilram7
approved these changes
Apr 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a customer-facing KB article for Netwrix Data Classification covering encryption of data at rest and in transit.
Notes