Security
The following FAQs address security questions.
Back office implementations follow industry-standard security practices, including but not limited to:
- All incoming communication (from web users, on-premises agents, FTP clients, and so on) is transmitted exclusively via TLS 1.2+ using only high-strength cipher suites (Encryption in Transit).
- Object and volume storage containing non-ephemeral data is encrypted using the industry-standard AES-256 algorithm (Encryption at Rest).
- The industry-standard principle of least privilege (PoLP) is consistently applied, both within the application and within the back office (governing access to infrastructure resources, limiting intra-back office communications, and so on).
Consult the available Service Description documentation for more information.
Individual tenant data is stored in separate indexes and object storage locations.
Yes, the indexes are backed up. Consult the available Service Description documentation for more information.
When objects are captured by the Fusion processing agent, the extracted content and relevant metadata are transmitted to the back office for further enrichment. The end results are then held in index storage within the back office.
Optionally, you may elect to also collect data (either by choice or to enforce a hold). In this case, a copy of the original data object is also transmitted to the back office, where it is held in object storage.
Fusion processing agents performing data capture and collection follow the same security procedures, regardless of the data type.
- During configuration, the tenant provides information about the repository type, path to the dataset, and access credentials. This information makes up a dataset's definition, which is used to reach the data type. Dataset definitions are encrypted and held securely within the back office.
- An agent system connects to the back office and retrieves any pending tasks that have been delegated to it.
- The dataset definition is provided to the authorized agent for use only when performing the specific task.
- Data captured/collected is then transferred by the agent to the back office.
This applies both to individual private tenant on-premises agents and to datasets assigned to be managed by cloud-to-cloud (C2C) agents operated from within the back office.
On-premises agents can operate on datasets that may be available only to the particular private customer system (such as a file system or private Exchange), or on public locations (such as SharePoint Online, Office 365) if the customer permits access to those.
C2C agents are restricted to operating exclusively on those data types that can be reached through public locations (such as SharePoint Online, Office 365).