Privacy and Security Policy
At Altosio, we take data privacy and security seriously. It is our concern to keep your data safe and secure.
How is your data security handled within the Altosio Platform?
Altosio provides a cloud-based application hosted on Microsoft Entra / Azure. It means that the software and data are centrally hosted and accessed by clients using a web browser and internet connection.
Altosio leverages the security layers and certification of Microsoft Azure (ISO 27001), in addition to the physical protection of Microsoft’s infrastructure and network.
Your credentials to your Altosio account are stored using the SHA-256. The password is irreversible. Altosio only compares hashes at the time of your login.
Environment
Altosio is hosted in Microsoft Azure data centers located in the Netherlands (UE). This highly scalable platform guarantees availability and ensures that all of our clients are able to access our services at any time.
Microsoft’s public auditor Deloitte has issued a Service Organization Control (SOC) 2 Type 2 report for Windows Azure in security, availability, and confidentiality trust principles.
http://azure.microsoft.com/en-gb/support/trust-center/compliance/
Security
Altosio guarantees the following levels of security protection:
- Security: Physical and logical protection against unauthorized access.
- Availability: The system is operationally available for use as committed or agreed.
- Processing Integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: All information is classified and protected as committed or agreed.
- Privacy: Personal information is collected, and retained as agreed.
Data and logs
To be able to use the Altosio software, you are requested to create connectors. These connectors allow Altosio to programmatically connect to your remote Cloud environments.
No UI or Interactive access is possible using these tokens/passwords.
No tokens, usernames, or passwords are stored in clear in the Altosio database. Passwords are hashed in an irreversible way using the SHA-256 algorithm. Tokens are encrypted with AES (Advanced Encryption Standard).
When running migrations, Altosio provides real-time logs allowing the user to monitor the migration. These logs, along with the account, are automatically destroyed after 90 days of inactivity or upon customer request.
What does Altosio store?
Altosio supports incremental syncs. To fulfill the delta syncs, Altosio stores the Ids of your items. It does not store your files or data. The data is migrated in real-time, and no stream is even saved on the hard disk of the servers. The operation is a Pull/Push operation that runs in chunks. The data flows encrypted from your source servers to the RAM of the migration server, and then to your destination servers.
Using the Ids of the items, Altosio is capable of determining what was migrated during the next run, and automatically skips what’s migrated and migrates what was never migrated. This prevents the duplication of your data in the destination.
Connections and Protocols
Altosio 3 ways to connect to your remote server:
- Using Personal Access Tokens (PATs). These tokens act as the user that generated them, and will only have access to whatever the user has access to.
- Using Applications. These can be Azure AD Applications or Applications from other cloud vendors like Trello. You have to grant your consent for us to use these apps. Once your migration is over, you need to delete these applications.
- Using username and password. This is particular to M365. This provides delegated access to call a certain set of APIs within Microsoft that are not callable using an Application token.
Connections to the source and the destination are done using the HTTPS protocol. No data is ever transferred unencrypted over the internet.
For more information, please reach out to us at security@altosio.com.