Data encryption in Adobe Experience Platform

Adobe Experience Platform is a powerful and extensible system that centralizes and standardizes customer experience data across enterprise solutions. All data utilized by Platform is encrypted in transit and at rest to keep your data secure. This document describes Platform’s encryption processes at a high level.

The following process flow diagram illustrates how data is ingested, encrypted, and persisted by Experience Platform:

Data in transit

All data in transit between Platform and any external component is conducted over secure, encrypted connections using HTTPS TLS v1.2.

In general, data is brought into Platform in three ways:

  • Data collection capabilities allow websites and mobile applications to send data to the Platform Edge Network for staging and preparation for ingestion.
  • Source connectors stream data directly to Platform from Adobe Experience Cloud applications and other enterprise data sources.
  • Non-Adobe ETL (extract, transform, load) tools send data to the batch ingestion API for consumption.

After data has been brought into the system and encrypted at rest, it can then be enriched by Platform services and brought out of the system in the following ways:

Data at rest

Data that is ingested and used by Platform is stored in the data lake, a highly granular data store containing all data managed by the system, regardless of origin or file format. All data persisted in the data lake is encrypted, stored, and managed in an isolated Microsoft Azure Data Lake Storage instance that is unique to your organization.

For details on how data at rest is encrypted in Azure Data Lake Storage and Cosmos DB, see the official Azure documentation.

Next steps

This document provided a high-level overview of how data is encrypted in Platform. For more information on security procedures in Platform, see the overview on governance, privacy, and security on Experience League, or take a look at the Platform security whitepaper.

On this page