• EnglishEspañol日本語한국어Português
  • Log inStart now

Data encryption

Whether your data is in transit to New Relic or at rest in our storage, we apply strong encryption measures to help prevent unauthorized access, threats, or theft. FIPS 140-2 compliant encryption standards (using validated cryptographic modules) are available in AWS US and AWS EU regions.

New Relic is authorized for Moderate Impact SaaS Services (FedRAMP Authorized Moderate) for accounts that meet specific criteria. As a cloud service provider, we are committed to ensuring our compliance with FedRAMP's requirements for the confidentiality, integrity, and availability of your data.

This document describes our data encryption methods, including who gets it, what data is encrypted, and how it works. For more information, see our security documentation and Security website, or contact your account representative.

Encryption in transit

All New Relic customers benefit from the security provided with data encryption in transit. TLS is required for all domains.

Encryption in transit

Comments

Who gets it

Data encryption in transit is automatically included in all New Relic subscriptions.

What data is encrypted

Encryption in transit applies to our agents and APIs. This also applies to any third-party telemetry sources that use TLS with New Relic, such as Prometheus OpenMetrics and other integrations.

How it works

Uses industry-standard transport layer security (TLS). Our preferred protocol for all domains is TLS 1.3. For more information about data transmission, firewalls, hosting, and storage, see our data security documentation.

Encryption at rest

New Relic provides additional security by encrypting all data at rest. FIPS 140-2 compliance is available, if requested.

Encryption at rest

Comments

Who gets it

Free for all New Relic customers wherever data is stored

What data is encrypted

Applicable data at rest

How it works

New Relic applies encryption to the data stored. For example, data in AWS and Azure is encrypted using an AES-256 block cipher, which can be implemented in a FIPS-validated cryptographic hardware module.

Encryption keys are generated using the hardware module and are unique to each instance storage device. All encryption keys are destroyed when the instance stops or terminates, and they cannot be recovered. As additional security measures:

  • Encryption at rest cannot be disabled.
  • External encryption keys cannot be provided.
Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.