Commit 00d96d6

Added storage encryption
1 parent 4ed971a commit 00d96d6

1 file changed: +3 -2 lines changed

docs/administering/security.rst

Lines changed: 3 additions & 2 deletions
@@ -49,8 +49,9 @@ As discussed, one of the most important aspects of securing an Arches instance c
4949

5050
* **Close ports and limit access to only the intended audience**. In keeping with the *Principle of Least Privilege*, you should block access to all Internet ports on your servers except for those that are needed for Arches to function. Closing ports blocks opportunities for bad actors to access your systems. Similarly, depending on the sensitivity of data in your Arches instance and your operational needs, you can also restrict access to a limited set of known IP addresses. Similarly, one can also restrict network traffic to the PostgreSQL and ElasticSearch servers used by Arches.
5151

52+
* **Protect your Arches system credentials**. While use of strong passwords is a key security measure, one also needs to protect the server(s) where Arches is deployed. To function, the Arches application needs to be supplied with multiple passwords and other credentials in order to connect with dependency applications, including the PostgreSQL database. These credentials need to be added to or accessible to the ``settings.py`` (or similar ``settings_local.py``) files. To do so, you can choose to store credentials in the ``settings.py`` (or similar) file itself, in seperate configuration files accessed by ``settings.py``, in the system environment variables, or, ideally , in a secret store that helps meet your cybersecurity goals (this being preferred). The credentials represent very sensitive information and need to be secured by protecting the Arches server against unauthorized access. Consider measures to store Arches' system credentials in secure locations off of your server to help prevent accidental disclosure or modification during periods of code updates.
5253

53-
* **Protect your Arches system credentials**. While use of strong passwords is a key security measure, one also needs to protect the server(s) where Arches is deployed. To function, the Arches application needs to be supplied with multiple passwords and other credentials in order to connect with dependency applications, including the PostgreSQL database. These credentials need to added to the ``settings.py`` (or similar ``settings_local.py``) files or accessible to these files via configuration files or environment variables. The credentials represent very sensitive information and need to be secured by protecting the Arches server against unauthorized access. Consider measures to store Arches' system credentials in secure locations off of your server to help prevent accidental disclosure or modification during periods of code updates.
54+
* **Consider encrypted storage**. As an extra security measure, one can encrypt storage systems used by Arches. For example, if Arches is used to manage uploads of digital files (image files, GIS files, external data files, document files, etc.) these files can be mantained in encrypted storage systems. Many popular cloud storage services, including Amazon S3 or Google provide data encyption options. Similarly, Arches managed data stored in a PostgreSQL database can also be encrypted.
5455

5556

5657
Expert Help
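
Review bot: In the added "Protect your Arches system credentials" bullet, storing credentials "in the ``settings.py`` (or similar) file itself" is listed as an ordinary option next to the secret store, and the preference is stated twice in one sentence ("ideally , in a secret store ... (this being preferred)"). Consider ordering the options from least to most preferred, stating the recommendation once, and tying the ``settings.py`` option to the "accidental disclosure or modification during periods of code updates" risk that the bullet's last sentence already warns about. Typos in the added lines: "seperate" should be "separate", "ideally ," has a stray space before the comma, "mantained" should be "maintained", and "encyption" should be "encryption". In the new encrypted-storage bullet, "Amazon S3 or Google" pairs a product with a company name; name the Google service that is meant. The closing sentence says PostgreSQL data "can also be encrypted" without saying how, so a pointer to where that is configured would make the advice actionable.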
@@ -61,4 +62,4 @@ Some organizations must manage sensitive data. In these situations, organization
6162

6263
Collaboration to Improve Security
6364
---------------------------------
64-
One of the most important ways strategies to improve Arches security centers on collaboraiton with the larger Arches open-source community. Some organizations, particularly those in the public sector, have done extensive security audits and penetration testing of Arches. In some cases, they have reported vulnerabilities that were subsequently diagnosed and fixed in the Arches software release process. Reporting vulnerabilities therefore helps improve the security and reliability of Arches for the entire community. Please report any security vulnerability or suspected vulnerability via `the ticket system in GitHub <https://github.com/archesproject/arches/issues>`_.
65+
One of the most important ways strategies to improve Arches security centers on collaboraiton with the larger Arches open-source community. Some organizations, particularly those in the public sector, have done extensive security audits and penetration testing of Arches. In some cases, they have reported vulnerabilities that were subsequently diagnosed and fixed in the Arches software release process. Reporting vulnerabilities therefore helps improve the security and reliability of Arches for the entire community. Please report any security vulnerability or suspected vulnerability to contact@archesproject.org !
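
Review bot: The replacement sentence swaps the public GitHub ticket system for contact@archesproject.org but does not tell reporters to avoid opening a public issue for a suspected vulnerability, so readers who remember the old instruction may still disclose in the open; say so explicitly. The address is written as plain text followed by " !"; drop the space and exclamation mark, end the sentence with a period, and consider a reST ``mailto:`` link in the same style as the link being removed. Since this line is being rewritten anyway, fix the errors carried over from the old text: "ways strategies" (keep one word) and "collaboraiton".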
