Your data is secure both at rest and in transit.
This article outlines the 4 types of data in ShareGate Protect and explains how these data types are secured. For information on data security in ShareGate Migrate, see Encryption and security.
For more information, see What is 256-bit AES encryption at rest and TLS 1.2 in transit?
Note: ShareGate stores required data in Microsoft Azure's East US 2 region.
Index
Data types
User security-critical data
User security-critical data includes application access tokens and encryption keys. This data type is stored in the Azure Key Vault. Key Vault uses hardware security modules (HSMs) to provide an even higher level of encryption for all data stored within it.
ShareGate has a registered Key Vault identity, so it can access user security-critical data. All accesses are fully audited and logged.
This is the most secure data layer.
User access tokens
User access tokens are cached in Azure Blob storage using at-rest encryption (256-bit AES encryption) and application-level encryption (256-bit AES encryption).
User data
This is data that's recovered from your Microsoft 365 environment. This includes team and group membership information, team and group ownership information, and files and content from archived teams or groups*.
All data in this category has 3 layers of encryption:
- Encryption in transit (TLS 1.2).
- Encryption at rest (256-bit AES encryption).
- Application-level encryption (256-bit AES encryption) using a per-tenant key that is stored in the Azure Key Vault. For more information, see the section User security-critical data above.
Note: Files and content from archived teams or groups can be stored in ShareGate's default Azure storage located in Microsoft Azure's East US 2 or a custom Azure storage account of your choosing. Regardless of which storage location you select, ShareGate will store some file metadata, such as file names and ownership information, in an Azure search service index to allow you to efficiently search and browse your archived data.
Application state data
This is conditions data used to track different settings and options associated with your account, as well as actions made using ShareGate. Examples include customizations made to email notifications, policy settings, actions taken to manage your tenant, etc.
Data in this category has 2 layers of encryption:
- Encryption in transit (TLS 1.2).
- Encryption at rest (256-bit AES encryption).