In this article, you'll find information on the security measures ShareGate uses to keep your data safe.
- Security within the organization
- Vulnerability management
- Data protection
- Access controls
- Incident response
- Employee policies
- ISO 27001
Security within the organization
We have dedicated teams working on application and operational security with the full support of our management.
Third-party penetration testing is done yearly and complemented by internal pentests and secure code reviews. Vulnerability handling is covered by our internal policies to ensure a quick analysis and mitigation of any issues.
All of your data within the application is encrypted at rest using AES 256 and in transit using TLS 1.2.
Database backups are performed frequently. They are encrypted at rest and made available in the event of a disaster.
When sensitive or personal data needs to be stored or cached it is done with an additional application-level encryption layer.
For more information, see Encryption and data security.
Access to administrative operations and production infrastructure is only granted to a few select engineers through Azure's Privileged Identity Management service with time restrictions and approval processes enabled. They must connect through a Virtual Private Network (VPN) with Multi-Factor Authentication (MFA).
We will contact you to obtain explicit consent in the event our engineers require administrative access that could reveal any of your organization's data to resolve issues you are facing with ShareGate.
In the event of a security incident, our Security Incident Response Team (SIRT) will take all necessary measures to resolve the issue and communicate with the affected users as soon as possible.
Automated priority calls and messages are sent to our incident handlers as soon as a problem is suspected or detected.
We believe responding to incidents is of the highest importance. All the required resources are made available to our Security Incident Response Team, including the resources of our parent company, if additional help is needed.
Incident handling drills happen periodically to ensure that our team is as efficient as possible if a real incident occurs.
All our employees get a background check and they get mandatory security training. We monitor conformity with the Azure Security center.
Our security program is aligned with ISO 27001.
ShareGate is ready to handle any requests related to GDPR. Workflows are in place to ensure a fast response time on any formal request and our support team has been trained accordingly.
Our legal and security teams are hard at work ensuring that all existing and new processes are compliant with the law at ShareGate.
For more information on our security practices, see our security FAQ.
Note: A minimal amount of tenant data will pass securely through our environment in the Microsoft Azure East US 2 region during operation. Concerning ShareGate's archive feature, you can set your preferred storage solution for your data. Additional questions can be directed to our support team.