Why no one “along the way” will see your IT data

Knowing where your data is and who has access to it is the absolute foundation of cyber security today. At eAuditor cloud, we don’t treat this topic superficially; we protect information on many levels: from physical infrastructure to advanced transmission encryption. To understand how we do it, it’s worth going back a few decades.

In the 1970s, the Internet was a very different place. No one was planning online banking, cloud-based solutions (SaaS) or complex API systems back then. The network was small, closed and based on mutual trust. The problem arose when computers started communicating through public nodes that no one controlled. Suddenly it appeared that “anyone along the way” could eavesdrop on the data being transmitted over the cable. The breakthrough came in 1976. Two cryptographers-Whitfield Diffie and Martin Hellman-proposed a solution that sounded like science fiction: a way for two parties to establish a shared secret key over an open network without ever sending it to each other. Thus was born the revolutionary Diffie-Hellman key exchange.

It is this idea that has become the foundation of modern cryptography. Today, HTTPS, secure banking, instant messaging and, above all, eAuditor cloud are based on it. Every connection to our platform begins with this very mechanism: first securely establishing a shared secret, and then impenetrable encryption.

In the following section, we will explain why the latest TLS 1.3 protocol is crucial for security and what additional protection mechanisms BTC uses to ensure that data in the eAuditor cloud is always inaccessible to unauthorized parties.

What security measures do we use in eAuditor cloud?

Cloud security is not only about encryption, but first and foremost about strict procedures and stable infrastructure. BTC, as a Polish manufacturer, places special emphasis on compliance with European standards. Here are the key pillars of our protection:

• Servers in Poland and Tier standards: All eAuditor cloud components are located in Polish data centers (including OVHcloud in Ozarow Mazowiecki). The infrastructure meets the strict requirements of RODO and has ISO 27001, 27017, 27018, 27701 certifications and SOC 1/2/3 standards.
• Full data isolation: We use a multi-tenant architecture with logical separation. Each client has an individual database, ensuring that information is never shared and remains exclusively within the account.
• Data safe in the EEA: We guarantee no data transfer outside the European Economic Area. The only exception is data necessary for payment processing, handled by the global leader Stripe.
• Cyclic penetration testing: We do not rely on our own assurances. The eAuditor cloud service regularly undergoes audits and penetration tests performed by independent third parties.
• Backups: The system automatically creates backups that allow for instant disaster recovery.
• Full control over retention: You are the one who decides about your data. Information can be permanently deleted by you from the console at any time.
• MFA-protected access: logging into the administration console is protected byMulti-Factor Authentication, which virtually eliminates the risk of account takeover due to password theft.
• State-of-the-art TLS 1.3 encryption: all communication between eAgent → eServer is carried out using the state-of-the-art TLS 1.3 protocol, which provides the highest level of transmission protection currently available.

You can find a detailed summary of certificates and declarations of conformity on our trust page: eAuditor cloud Trust Center.

How does TLS 1.3 work? The mechanism “under the hood”

The TLS 1.3 protocol is currently the most secure communication standard on the Internet. Compared to older versions, it is not only more secure, but also faster. Here’s how the connection establishment process works:

1. Initiation (Handshake): Your browser (client) sends a “Client Hello” message with a list of supported encryption methods. The server responds with “Server Hello,” immediately selecting the most secure configuration. In TLS 1.3, this process is shortened to an absolute minimum, speeding up data loading.
2. Certificate and keys: the server sends its certificate and public key. The client verifies it with a trusted issuer. The two parties then proceed to calculate a shared session key.
3. Symmetric encryption: Once the key is established, all transmitted information is protected by modern ciphers (e.g. AES-GCM). This makes the connection an impenetrable tunnel.
4. Integrity protection: With authentication codes (MACs), the system is assured that no one has modified the data during transmission.
5. Session termination: When the work is completed, the connection is securely closed and the temporary session keys are permanently deleted.

How does this “common key count” work?

The Diffie-Hellman mechanism may sound complicated, but it can be compared to mixing paint:

• Step 1: You and the server set a public base color (e.g. yellow). Everyone can see it – you, the server and the potential eavesdropper.
• Step 2: Each of you draws your secret color. You choose blue, the server chooses red. You never send them to each other!
• Step 3: You mix your secret blue with the public yellow and get green. The server mixes his red with yellow and gets orange. You send these mixtures to each other.
• Step 4: Now the magic: You add your secret blue to the orange you received. The server adds his red to your green.

The result? Both sides get the same brown color, which becomes your common key. The eavesdropper, although he has seen yellow, green and orange, is unable to reproduce the final brown because he does not know your secret ingredients.

Why is the eavesdropper helpless?

In cryptography, we take advantage of the fact that certain mathematical operations are “one-way”. It’s easy to mix colors (or raise a number to the modulo power), but virtually impossible to separate them to know the original components. Even supercomputers would need hundreds of years to crack the 4096-bit-long keys we use in eAuditor cloud.

What does it look like in the eAuditor cloud?

In designing the eAuditor cloud, BTC has relied on not compromising on security:

• Any communication between the browser and the console is encrypted.
• Critical data exchange between eAgent ↔ eServer always uses TLS 1.3 protocol.
• We use certificates with strong 4096-bit keys.
• We encrypt everything from logins to real-time hardware and software data to system messages.

The result? Data never “flies loose” over the network. Even if someone manages to intercept the packets, they will only see a random, useless string of characters.

Summary

Data security in the cloud is a process where technology provided by BTC meets a responsible user approach. The eAuditor cloud is designed as a “Secure by Design” platform. Data is isolated in certified data centers in Poland, and its transmission is protected by state-of-the-art TLS 1.3 protocol. Combined with regular backups, multi-factor authentication(MFA), integration with Microsoft Entra ID, and secure payments via Stripe, you get a comprehensive information protection system.

Remember, however, that as an administrator you have a real influence on the tightness of this system. It’s worth sticking to a few simple rules:

• Keep up to date: Use the latest versions of browsers and regularly update your operating system – they support the encryption mechanisms on your side.
• Protect access: never share login information with third parties and always use MFA.
• Manage permissions: Regularly audit the list of people who have access to the administration console.
• Operate in compliance with regulations: Use the service in accordance with your organization’s regulations and internal security policies.

By combining eAuditor ‘s advanced cloud technology with user vigilance, your company’s IT infrastructure will remain secure and resilient.

Want to learn more about the standards we meet? Visit our eAuditor cloud Trust Center and check out the details on certification and data protection.