Data protection in Amazon WorkLink - Amazon WorkLink

Data protection in Amazon WorkLink

Amazon WorkLink only stores customer content that is required for Amazon WorkLink, including user names and device (phone) identifiers. No action is required for users to secure their content. Amazon WorkLink secures content by default. All data retention policies and protection standards follow AWS compliance standards.

Data encryption

All customer-specific data within Amazon WorkLink is encrypted at rest and in transit.

Encryption at rest

Encryption at rest is configured by default with KMS keys.

Encryption in transit

Encryption in transit is configured by default with TLS 1.2. Amazon WorkLink only supports secure connections.

Key management

There are currently no options for customers to manage encryption keys.

Interwork traffic privacy

An end user’s connection to the Amazon WorkLink rendering service is TLS. However, the customer controls the encryption on the connection between the Amazon WorkLink rendering service and a customer's site. Although we currently don’t support non-HTTPS domains, Amazon WorkLink doesn't have specific requirements for the certificate provided on the customer side.

Amazon WorkLink also uses TLS to secure connections between Availability Zones within a region, secure connections between regions, and secure connections between accounts.