Articles in this section

Encryption and data security

Updated

Your data is secure both at rest and in transit.

This article provides details on the 4 types of data stored by ShareGate Apricot and how they are secured.

Note: The app stores all required data in Microsoft Azure's East US 2 region.

Index

User security-critical data

User security-critical data includes application access tokens and encryption keys. This data type is stored in the Azure Key Vault. Key Vault uses hardware security modules (HSMs) to provide an even higher level of encryption for all data stored within it. 

ShareGate Apricot has a registered Key Vault identity, so it is able to access user security-critical data. All accesses are fully audited and logged.

This is the most secure data layer.

User access tokens

User access tokens are cached in Azure Blob storage using at rest encryption (256-bit AES encryption) and application-level encryption (256-bit AES encryption). 

User data

This is data that is recovered from your Microsoft 365 environment. This includes team and group membership information, team and group ownership information, and files and content from archived teams or groups.

All data in this category has 3 layers of encryption:

  • Encryption in transit (TLS 1.2).
  • Encryption at rest (256-bit AES encryption). 
  • Application-level encryption (256-bit AES encryption) using a per-tenant key that is stored in the Azure Key Vault. For more information, see the section User security-critical data above.

Note: Some file and content metadata is also indexed in Azure Search to allow you to efficiently search and browse your archived data. 

Application state data

This is the state data that is used to track different settings and options associated with your user account as well as actions taken in the application. For example, customizations made to email notifications, policy settings, actions taken to manage your tenant, etc.

Data in this category has 2 layers of encryption:

  • Encryption in transit (TLS 1.2).
  • Encryption at rest (256-bit AES encryption).

For more information, see What is 256-bit AES encryption at rest and TLS 1.2 in transit?

Related articles