• 로그인지금 시작하세요

Data encryption

Whether your data is in transit to New Relic or at rest in our storage, we apply strong encryption measures to help prevent unauthorized access, threats, or theft. This includes FIPS 140-2 compliance as well as security accreditation for the Federal Risk and Authorization Management Program (FedRAMP).

New Relic is authorized for Moderate Impact SaaS Services (FedRAMP Authorized Moderate) for accounts that meet specific criteria. As a cloud service provider, we are committed to ensuring our compliance with FedRAMP's requirements for the confidentiality, integrity, and availability of your data.

This document describes our data encryption methods, including who gets it, what data is encrypted, and how it works. For more information, see our security documentation and Security website, or contact your account representative.

Encryption in transit

All New Relic customers benefit from the security provided with data encryption in transit. TLS is required for all domains.

Encryption in transit

Comments

Who gets it

Data encryption in transit is automatically included in all New Relic subscriptions.

What data is encrypted

Encryption in transit applies to our agents and APIs. This also applies to any third-party telemetry sources that use TLS with New Relic, such as Prometheus OpenMetrics and other integrations.

How it works

Uses industry-standard transport layer security (TLS). Our preferred protocol for all domains is TLS 1.2. For more information about data transmission, firewalls, hosting, and storage, see our data security documentation.

Encryption at rest

New Relic provides additional security by encrypting all data at rest (FIPS 140-2 compliant).

Encryption at rest

Comments

Who gets it

Free for all New Relic customers wherever data is stored

What data is encrypted

Applicable data at rest

How it works

New Relic relies on the strongest cryptography available wherever your data is stored. For example, data in AWS is encrypted using an XTS-AES-256 block cipher implemented in a FIPS-validated cryptographic hardware module. Encryption keys are generated using the hardware module and are unique to each instance storage device. All encryption keys are destroyed when the instance stops or terminates, and they cannot be recovered. As additional security measures:

  • Encryption at rest cannot be disabled.

  • External encryption keys cannot be provided.

    Some customers continue to leverage additional encryption at rest mechanisms. If you have questions, please reach out to your account team.

Copyright © 2022 New Relic Inc.