ownCloud helps organizations keep their data safe. The comprehensive encryption architecture has three levels of encryption: In transit, at rest and end-to-end.
In-transit encryption is active by default and by design using HTTPS connections and the latest TLS protocol. Files can be encrypted server-wide and/or End-to-End.
At rest, files can be encrypted by master key. When encrypting with a master key, all files are encrypted using just one key pair. This prevents data to be read from storage. For added security, the keys can be stored in a hardware security module (HSM).
Please consider that stronger encryption also brings some inconveniences. Features not available when using strong encryption can, depending on the encryption level, include Collaborative editing, virus scanning, Impersonation, OAuth2, ElasticSearch and Office Integrations.