Cloudiway Security


  1. Overview
    1. About this document
    2. Further information and updates
  2. Security details
    1. Hosting environments
    2. Security and compliance
    3. Audit trails
    4. Application layer security
    5. Backups
    6. Data destruction
    7. Data storage
      1. Migration platform
      2. Coexistence platform
    8. Credentials to connect to the different systems
    9. Credentials to connect to the Cloudiway platform

1. Overview

1.1. About this document

The Cloudiway platform for data migration, coexistence and identity management is a cloud-based application hosted in Windows Azure. This means that the software and data are centrally hosted and accessed by clients using a web browser and an internet connection.

This document is intended to answer questions around the infrastructure and security associated with the software and the data.

1.2. Further information and updates

If you have any further questions about security at Cloudiway that are not covered in this document, please get in touch via

We maintain a privacy policy, legal information and terms of use which are always kept up to date on the Cloudiway platform at

You can also request the most recent version of this document at any time by contacting

2. Security details

At Cloudiway, we take your privacy and security seriously and as such we have invested significant effort in making our platform and your data secure.

2.1. Hosting environments

Cloudiway uses the secure Windows Azure infrastructure to provide a secure and scalable platform to clients around the world.

Microsoft’s public auditor Deloitte has issued a Service Organization Control (SOC) 2 Type 2 report for Windows Azure covering the security, availability and confidentiality trust principles.

All infrastructure is hosted in Windows Azure.

2.2. Security and compliance

Cloudiway leverages Windows Azure certifications and attestations to provide assurance to Cloudiway and its customers of the security of the infrastructure, network and physical security layers of Cloudiway’s cloud.

  • Security: Physical and logical protection against unauthorized access.
  • Availability: The system is operationally available for use as committed or agreed.
  • Processing Integrity: System processing is complete, accurate, timely and authorized.
  • Confidentiality: All information is classified and protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained and transferred as committed or agreed.

2.3. Audit trails

Audit trails and session logs record user activity and changes made to data by the user.

Cloudiway provides logs that detail when customers logged in and when configuration changes were made.

2.4. Application layer security

All data transmitted between Cloudiway and the user is encrypted via HTTPS. All data transmitted between the different cloud applications (Google Apps, Office 365, etc.) is encrypted via HTTPS.

2.5. Backups

The environment is backed up every day using Windows Azure backup facilities. Restores are tested every month.

2.6. Data destruction

Your data is automatically destroyed after 90 days of inactivity. In addition, we don’t ever store your mail, file or site data for migration (please read below for further details).

You can also ask us at any time to delete your data and accounts when they are no longer needed.

2.7. Data storage

2.7.1. Migration platform

Cloudiway never stores migration mail, files or site data.

Cloudiway migrations take place in real time in memory. The migration engine connects to the source, pulls data and pushes it in real time. Therefore, nothing is stored internally. No data persists on the platform.

However, for the delta pass mechanism, a reference ID of each data migration is stored in internal caches (SQL databases) with the date of modification.

During a delta pass, this ensures that no data is duplicated, and for efficiency, only the changes are propagated.

Connections to the source and the target are done using HTTPS; the data is not transferred unencrypted over the internet.
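The delta pass bookkeeping described above, as an added example that is not Cloudiway's code: it shows a cache that holds only a reference ID and a modification date per item, while payloads stream from source to target. The `migrated` table, the function names, SQLite standing in for the SQL cache, and ISO-8601 UTC timestamps are all assumptions.

```python
import sqlite3

def open_cache():
    """Assumed stand-in for the delta-pass cache: reference IDs and dates only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE migrated (ref_id TEXT PRIMARY KEY, modified TEXT NOT NULL)")
    return db

def migration_pass(db, source_items, push):
    """Stream (ref_id, modified, payload) items to the target; return pushed IDs."""
    pushed = []
    for ref_id, modified, payload in source_items:
        row = db.execute(
            "SELECT modified FROM migrated WHERE ref_id = ?", (ref_id,)
        ).fetchone()
        # Same-format UTC ISO-8601 strings sort chronologically, so a plain
        # string comparison tells us whether the source item changed.
        if row is not None and row[0] >= modified:
            continue  # already migrated and unchanged: no duplicate on the target
        push(ref_id, payload)  # payload goes to the target, never into the cache
        db.execute(
            "INSERT OR REPLACE INTO migrated (ref_id, modified) VALUES (?, ?)",
            (ref_id, modified),
        )
        pushed.append(ref_id)
    db.commit()
    return pushed

def cached_rows(db):
    """Everything that persists after a pass: IDs and dates, no content."""
    return db.execute("SELECT ref_id, modified FROM migrated ORDER BY ref_id").fetchall()

# Constructed sample data: an initial pass, then a delta pass a few days later.
FIRST = [("msg-1", "2024-01-01T10:00:00Z", b"hello"),
         ("msg-2", "2024-01-01T11:00:00Z", b"report")]
DELTA = [("msg-1", "2024-01-01T10:00:00Z", b"hello"),       # unchanged
         ("msg-2", "2024-01-03T09:00:00Z", b"report v2"),   # modified at source
         ("msg-3", "2024-01-02T08:00:00Z", b"new item")]    # created since first pass

def demo():
    db, target = open_cache(), {}
    first = migration_pass(db, FIRST, target.__setitem__)
    delta = migration_pass(db, DELTA, target.__setitem__)
    return first, delta, cached_rows(db), target

if __name__ == "__main__":
    print(demo())
```

When reviewing a deployment like this, the cache schema is the thing to inspect: reference IDs and timestamps are metadata that persists even though message and file content does not.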

2.7.2. Coexistence platform

Access to the coexistence platform is authenticated and logged.

Free/busy queries are performed in real time. Google and Office 365 free/busy queries are sent over HTTPS to the coexistence platform which, in real time, queries the remote system. Calendar data are not stored internally. No cache is implemented.

The mail routing service relays mail in real time via a mail queue. If an email can’t be delivered, it can stay in this queue for up to an hour before a delivery report is sent and the email is removed from the queue. Mail routing data are not stored internally. No cache is implemented.

2.8. Credentials to connect to the different systems

The platform needs some credentials to connect to the source and the target through Cloudiway ‘connectors’. You define the credentials that will be used in the connectors. These credentials are stored encrypted using AES 256.

We recommend that, at a minimum, you create temporary passwords during your migration and change the password after the completion of your project. For a higher level of security, we recommend that you create new, temporary admin/access credentials for your target and source systems to use specifically during migration. These can be deleted when migration is complete for complete peace of mind.

2.9. Credentials to connect to the Cloudiway platform

Passwords are not stored in any reversible way. Only a hash of each password is stored. During the connection, hashes are compared.

Cloudiway staff has absolutely no access to your Cloudiway platform password.
