Zuora Protect - BYOK Data Encryption for Zuora Billing

By Lana Lee posted 03-28-2024 13:09


On March 26th, Principal Product Manager Bharath Marimuthu held a Table Talk on Zuora Protect, our comprehensive suite of security features designed to enhance data protection, privacy, and compliance capabilities within Zuora. It provides your organization with advanced tools to safeguard sensitive information, prevent unauthorized access, and maintain the integrity of your data.

Enterprise-Grade Security for All Zuora Customers

Zuora's core already provides enterprise-grade security for all customers, organized around a security operations center and incident response.

Security Operations Center

Encryption - Data Security

  • Encryption in Transit

  • Encryption at Rest

  • HSM Encryption

  • Data Deletion

  • Data Scrubbing

  • Role Based Access Control

Auditing - Host Security

  • Host-Based Intrusion Detection System

  • Centralized Logging

  • Centralized Alerting

  • Patch Management

  • Hardening Standards

  • Insider threat monitoring

Incident Response

Isolation - Network Security

  • 2-Factor Authentication

  • Network Firewall

  • Network Intrusion Detection System

  • Network Segregation

  • Network Penetration Testing

  • Public Key Infrastructure and Certificates

Authorization - Application Security

  • Web Application Firewall

  • Runtime Application Self-Protection

  • Threat Modeling

  • Secure Code Training

  • Static Code Analysis

  • Application Penetration Testing

Industry-Leading Audit and Compliance Processes

Zuora is compliant with the following out-of-the-box:

Zuora Compliance

Why Protect Zuora? Cost Of Data Breach Is Substantial

Cyberattacks are increasing 30% YoY and in 2023 alone, there were thousands of global cyberattacks exposing several TBs of data. But there’s more to cyberattacks than losing data - there’s also a loss of customer trust and hefty fines. For example, under the EU's General Data Protection Regulation (GDPR), companies can be fined up to €20 million or 4%, whichever is higher, for data breaches.

  • The global average cost of a single data breach in 2023 was USD 4.45 million, a 15% increase over 3 years.
  • 65% of consumers stated that they lost trust in a company following a data breach. The loss of trust affected customer loyalty, reduced revenue, and caused long-term brand damage.

The average savings for organizations that use additional security automation is USD 1.76 million compared to organizations that don't, so it's vital for organizations to find the best cyberattack solutions.

Proactively Protect with Zuora Protect™ 

Zuora Protect allows you to manage your own encryption keys without any additional cost to protect:

  • Against Sensitive Regions - Address obstacles such as data sovereignty and adhere to data localization laws when managing data stored in a sensitive geopolitical region with Zuora Protect.
  • Custom Data - Ensure your custom objects and fields are treated like first-class citizens in Zuora, by way of a simple sensitive data checkmark.
  • Country Residency Needs - Safeguard data from unauthorized access and ensure compliance with data protection regulations like GDPR and HIPAA.
  • For Your Industry Governance - Enhance your security position with a robust set of security features and alleviate the difficulties linked to overseeing intricate security systems.
  • To Differentiate Your Offering - Implementing Zuora Protect demonstrates a commitment to data security and privacy, which can enhance trust and confidence among customers, partners, and stakeholders.

Zuora Protect Features

  • Geo fencing - Manage Zuora accessing your data from sensitive geopolitical regions
  • BYOK Encryption - Encrypt your sensitive data with your own encryption keys
  • Enhanced audit trail - Audit with precision, with longer retention periods ensuring you exceed niche regulations.
  • Event monitoring - Real-time monitoring and alerting of suspicious activity within your Zuora systems.

BYOK as Part of your Multi-Tiered Security

The user interface layer allows you to generate, rotate, and securely administer your encryption keys directly from the Zuora user interface. Zuora Protect’s unique envelope encryption technique strikes a balance between enhanced security and optimal performance.

Zuora Protect BYOK

Demonstration: BYOK Encryption Keys in Zuora Protect

In order to leverage Zuora Protect, your organization must be on OneID. Watch this video for a brief OneID overview.

Watch Demonstration

How Zuora BYOK Encryption Works

At Zuora, we use envelope encryption: Zuora generates a data key, automatically rotated every 90 days, to encrypt your data, and that data key is in turn encrypted by your encryption key (“Master Key”). When you rotate your key, you are rotating your Master Key, while the data key associated with your data remains the same. What is stored in our database is the encrypted key: the Zuora-generated data key encrypted with your Master Key.

How BYOK Encryption Works

Zuora Protect Advantages

  • Auditability and Compliance - Enhances your audit capability. Each data key can be associated with specific pieces of data or operations, allowing for detailed logging and auditing of key usage. This can be valuable for compliance with regulatory requirements.
  • Improved Security - Even if an attacker gains access to the encrypted data, they would still need to decrypt the data key using the master key before decrypting the actual content. This adds an extra level of complexity to unauthorized access attempts.
  • Key Rotation and Key Changes - Facilitates key rotation without having to re-encrypt the entire dataset; you can simply re-encrypt the data keys. This is particularly useful for complying with security best practices and regulations that recommend or mandate regular key rotation.
  • Scalability - Zuora Protect’s BYOK encryption is scalable, allowing you to encrypt large datasets efficiently. The use of data keys for individual pieces of data enables parallel processing and encryption, contributing to better performance and scalability.
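
The envelope scheme described under "How Zuora BYOK Encryption Works" and the key-rotation advantage in the list above, shown as an added Ruby example that is not Zuora's code. AES-256-GCM, the record layout and every function name here are assumptions, because the page does not name the algorithms or storage format Zuora uses.

```ruby
require "openssl"

NONCE_LEN = 12 # GCM nonce length in bytes
TAG_LEN = 16   # GCM authentication tag length in bytes

# Encrypts with AES-256-GCM (assumed cipher); returns nonce || tag || ciphertext.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  nonce = cipher.random_iv
  cipher.auth_data = ""
  body = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + body
end

# Reverses seal; raises OpenSSL::Cipher::CipherError on a wrong key or altered bytes.
def unseal(key, box)
  raise ArgumentError, "ciphertext too short" if box.bytesize <= NONCE_LEN + TAG_LEN
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = box.byteslice(0, NONCE_LEN)
  cipher.auth_tag = box.byteslice(NONCE_LEN, TAG_LEN)
  cipher.auth_data = ""
  cipher.update(box.byteslice(NONCE_LEN + TAG_LEN, box.bytesize)) + cipher.final
end

# A fresh data key encrypts the value; the master key only wraps the data key.
def encrypt_record(master_key, plaintext)
  data_key = OpenSSL::Random.random_bytes(32)
  { wrapped_key: seal(master_key, data_key), ciphertext: seal(data_key, plaintext) }
end

# Unwraps the data key with the master key, then decrypts the stored value.
def decrypt_record(master_key, record)
  data_key = unseal(master_key, record[:wrapped_key])
  unseal(data_key, record[:ciphertext])
end

# Master-key rotation: re-wrap the data key; the stored ciphertext is not touched.
def rotate_master_key(old_master, new_master, record)
  data_key = unseal(old_master, record[:wrapped_key])
  record.merge(wrapped_key: seal(new_master, data_key))
end

# Constructed sample: random master keys and a made-up field value.
old_master, new_master = Array.new(2) { OpenSSL::Random.random_bytes(32) }
record = encrypt_record(old_master, "constructed-card-token")
rotated = rotate_master_key(old_master, new_master, record)
puts decrypt_record(new_master, rotated), rotated[:ciphertext] == record[:ciphertext]
```

After rotation the old master key can no longer unwrap the data key, so retiring it cuts off access without rewriting any stored ciphertext.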

Bonus Demonstration: Audit Logs in Zuora Protect

Watch Demo: Audit Logs

Empower Your Business with Zuora Protect

Add additional security to sensitive data, meet compliance, industry, and regulatory requirements, mitigate risks, and build trust with your customers with Zuora Protect. This add-on feature not only encrypts sensitive data at rest and manages keys with the Zuora Platform Encryption but also monitors and ensures a secure and compliant environment for your Zuora applications and data. Talk to your account manager to enable Zuora Protect in your environment today.