On Demand Migration cryptographic usage is based on Azure FIPS 140-2 compliant cryptographic functions. For more information, see: https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations
The On Demand team follows a strict Quality Assurance cycle.
In addition, the On Demand Development team follows a managed Security Development Lifecycle (SDL) which includes:
On Demand developers go through the same set of hiring processes and background checks as other Quest employees.
On Demand has undergone a third party security assessment and penetration testing yearly since 2017. The assessment includes but is not limited to:
A summary of the results is available upon request.
On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certifications:
Quest Software, Inc. has successfully completed a SOC 2 examination of its On Demand solution. The examination was performed by an independent CPA firm for the scope of service described below:
Examination Scope: Quest On Demand Platform
Selected SOC 2 Categories: Security
Examination Type: Type 2
Review Period: August 1, 2022 to July 31st, 2023
Service Auditor: Schellman & Company, LLC
Source control and build systems can only be accessed by Quest employees on Quest’s corporate network through domain security. If a developer or any other employee with access to On Demand Migration including On Demand Migration leaves the company, the individual immediately loses access to the systems.
All code is versioned in source control.
Access to On Demand Migration data is restricted to:
Access to On Demand Migration data is restricted through the dedicated Quest Microsoft Entra ID security groups. For different types of data (e.g., product logs, customer data, and sensitive data) different access levels and lists of allowed people are assigned.
Quest Operations team members have access to the Quest’s production Azure Subscription and monitor this as part of normal day to day operations. On Demand Migration developers have no access to Quest’s production Azure subscription.
To access On Demand Migration, a customer representative opens the On Demand website and signs up for an On Demand account. The account is verified via email; thus a valid email address must be provided during registration.
An organization is automatically created once the new account is created.
Prerequisites:
Microsoft Entra ID Global Administrator must give the Admin Consent to provision On Demand Migration for the customer's Microsoft Entra ID with the following permissions:
Microsoft Graph
Microsoft Entra ID
OAuth 2.0 Permission Grants
Microsoft Graph
Microsoft Entra ID
Microsoft Graph permissions reference - Microsoft Graph | Microsoft Docs
On Demand Migration internal logging is available to Quest Operations and On Demand Migration development teams during the normal operation of the platform. Personally Identifiable Information (PII) data
The recorded information includes date and time, actor, a description and customized fields of the event but no details about the content of the data migrated
The On Demand solution leverages Azure App Insight to collect all environment and application specific logs, auditing of user activities, system, and system administration activities. The logs are encrypted at rest starting in Application Insight and Azure tables then written to WORM storage within Azure to prevent tampering.
A customer only log is used when an error occurs which contains the Title of the object migrated
Quest Operations and Quest Support have procedures in place to monitor the health of the system and ensure any degradation of the service is promptly identified and resolved. On Demand Migration relies on Azure infrastructure and as such, is subject to the possible disruption of these services.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center