Connect
Security
The following FAQs address security questions.
How is the File Analysis Suite environment secured in AWS (Amazon Web Services)?
Back office implementations follow industry standard security practices. including but not limited to:
-
All incoming communication (from web users, on-premises agents, FTP clients, and so on) is transmitted exclusively via TLS 1.2+ using only high strength cipher suites (Encryption in Transit).
-
Object and volume storage containing non-ephemeral data is encrypted using the industry standard AES-256 algorithm (Encryption at Rest).
-
Industry standard Principle of least privilege (PoLP) is consistently applied. This is applied within the application, as well as within the back office (governing access to infrastructure resources, limiting intra-back office communications, and so on).
Consult the available Service Description documentation for more information.
File Analysis Suite is multi tenanted. What protects my data from being seen by others?
Individual tenant data is stored in separate indexes and object storage locations.
Does File Analysis Suite backup the indexes, and if so for how long are the indexes kept?
Yes, the indexes are backed up. Consult the available Service Description documentation for more information.
What metadata is copied to the cloud ?
When objects are captured by the File Analysis Suite processing agent, the extracted content and relevant metadata is transmitted to the back office for further enrichment. The end results are then held in index storage within the back office.
Optionally, you may elect to also collect data (either by choice or to enforce a hold). In this case, a copy of the original data object is then also transmitted to the back office, which will be held in object storage within the back office.
What security is in place for transferring data from cloud repositories? From agent repositories?
File Analysis Suite processing agents performing data capture and collection follow the same security procedures, regardless of the repository type.
-
During configuration, the tenant provides information about the repository type, path to the repository, and access credentials. This information makes up a repository's definition, which is used to reach the repository. Repository definitions are encrypted and held securely within the back office.
-
An agent system connects to the back office and retrieves any pending tasks that have been delegated to it.
-
The repository definition is provided to the authorized agent for use only when performing the specific task.
-
Data captured/collected is then transferred by the agent to the back office.
This applies to both individual private tenant on-premises agents and repositories assigned to be managed by cloud to cloud (C2C) agents operated from within the back office.
On-premises agents can operate on repositories that may only be available to the particular private customer system (such as, file system, private Exchange) or public locations (such as, SharePoint Online, Office 365) if the customer permits access to those.
C2C agents are restricted to exclusively operate on those repository types that can be reached through public locations (such as, SharePoint Online, Office 365).