9. Cryptography
At Thru, we employ robust cryptographic measures to protect data confidentiality, integrity, and authenticity throughout our Managed File Transfer service. Our cryptographic practices adhere to industry standards and best practices, ensuring the highest level of security for our customers' sensitive information.
9.1 Encryption standards (in transit and at rest)
Thru’s system provides end-to-end encryption for data files in transit and at rest. For additional security, file payloads may also be encrypted.
9.1.1 In Transit
Data in transit over HTTPS is protected using TLS 1.2 and later; transit over SFTP is protected using SSH; transit over FTP is protected using TLS.
9.1.2 At Rest
All data stored in the Thru cloud platform is encrypted with AES 256-bit FIPS-2 compliant encryption keys.
Encryption policies isolate storage per tenant and protect customer data from access by platform administrators and data center operators.
9.1.3 File Payload
A PGP encryption option is supported for file transfer payloads.
9.2 Key management practices
SSH and PGP keys can be generated or imported, and are managed via the administration web portals.
SSL client certificates are supported for FTPS connections.
Only trusted (including customer-provided) Certificate Authorities (CAs) are used.
In multi-tenant instances of Thru, files stored at rest are encrypted using keys that are automatically generated and managed by Azure.
For instances of Thru deployed in a customer's private cloud, keys for files encrypted at rest are stored in the cloud platform key vault and can be managed by the customer.