How Jama Connect® Protects Data with Encryption in Transit and at Rest

Amanda Jennewein
Amanda Jennewein
  • Updated

Published Date: October 16, 2025

Validated: Yes

Audience: Everyone

Products and Versions Covered:

  • Cloud/CVC
  • Self-hosted, Replicated - KOTS
  • Jama Connect® 

IMPORTANT: Access to the REST API is limited to users with a Named Creator Jama Connect license, including endpoints in v1, labs, and SCIM. Users without a Named Creator Jama Connect license, including those with a Creator Float License, do not have access.

Summary 

This article explains how Jama Software® protects customer data through in-transit and at-rest encryption. It outlines the security controls applied in Jama Connect® Cloud and clarifies customer responsibilities for self-hosted deployments.

By the end of this article, you will understand:

  • How Jama Connect Cloud encrypts data during transmission

  • How Jama Connect Cloud encrypts stored data

  • What security responsibilities apply to self-hosted environments

  • Additional security controls and compliance standards supported by Jama Connect

Jama Software takes data security seriously and applies multiple layers of protection to safeguard customer information.

Resolution

1. Encryption in Transit

Jama Connect protects all data transmitted between the application and client systems (such as web browsers and API clients) using Transport Layer Security (TLS).

For Jama Connect Cloud:

  1. The system enforces HTTPS using TLS 1.3 or higher for all connections.

  2. All communication—including login credentials, configuration data, attachments, and API requests—is encrypted.

  3. Encryption protects data from interception and tampering while in transit.

For self-hosted deployments:

  1. Organizations must configure HTTPS using valid TLS certificates.

  2. Administrators are responsible for maintaining and renewing certificates.

  3. Proper TLS configuration ensures equivalent protection for data in transit.

2. Encryption at Rest

Jama Connect Cloud encrypts stored data using strong, industry-standard encryption.

For Jama Connect Cloud:

  1. The platform encrypts application databases, attachments, and backups using AES-256 encryption.

  2. Secure, role-restricted key management services (such as AWS Key Management Service) manage encryption keys.

  3. Encryption at rest protects stored data from unauthorized access.

For self-hosted deployments:

  1. Encryption at rest depends on how the organization configures its database, file storage, and infrastructure.

  2. Customers are responsible for enabling and managing disk-level or database-level encryption.

  3. Jama provides configuration guidance but does not manage customer infrastructure.

3. Additional Security Practices

Jama Connect Cloud includes the following security controls:

  • Single Sign-On (SSO) integration using SAML 2.0

  • Role-based access control (RBAC) to restrict user access

  • Regular penetration testing

  • Independent third-party security audits

  • Compliance with SOC 2 Type II and ISO 27001 standards

These controls support a secure operating environment and ongoing risk management.

Additional Resources 


Feedback:

We welcome your input! Please sign in to leave any comments, suggestions, or improvement ideas below.

 

Related to

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.