This article describes how your data goes through Cloud copy and how this data is secured.
Note: Cloud copy services are in Microsoft Azure's Canada Central region.
ShareGate has strict measures in place to ensure your data is safe. For more information, see Security overview.
User security-critical data
User security-critical data includes application access tokens and encryption keys. This data type is stored in the Azure Key Vault.
ShareGate has a registered Key Vault identity so that it can access user security-critical data. All accesses are fully audited and logged.
This is the most secure data layer.
User access tokens
User access tokens are cached in Azure SQL Database using at rest encryption (256-bit AES encryption) and application-level encryption (256-bit AES encryption).
256-bit AES at rest and TLS 1.2 in transit encryption
Your data can be at rest, or it can be in transit. When your data is in transit, it is actively moving from server to computer network, between computer networks, or so on. Alternatively, when your data is at rest, it is not actively moving. Encryption at rest and in transit means that your data is fully encrypted in any situation.
With Advanced Encryption Standard (AES) encryption, both the sender and receiver of your data must have the same encryption key to read the data. 256-bit AES encryption is a technique that uses a key length of 256 bits for this process. Because key combinations increase exponentially with key size, the AES-256 key has the mathematical equivalent of 2256 possible combinations.
Using 256-bit AES encryption ensures your data is secure at rest.
Transport Layer Security (TLS) is a protocol that provides end-to-end security for data sent over the internet. TLS ensures your data is encrypted and authenticated and that the data is not tampered with while in transit between applications.
ShareGate connections are always encrypted with HTTPS and TLS version 1.2.