How To Secure Data During Cloud Migration: 5 Tips From Experts
MigrationWiz is the leading tool for successful data migrations, whether you’re moving to the cloud or between cloud tenants. It’s a proven solution for flexible, streamlined email and document migrations of any size and complexity. A vital component of every migration is assuring the security of your data throughout the process. MigrationWiz incorporates multiple layers of protection, and the user also plays a key role. BitTitan’s shared approach to security is detailed in our updated cybersecurity overview, Migration Security White Paper.
Organizations often have different dynamics when it comes to their security and compliance requirements. This can depend on a number of factors including industry, region, and infrastructure. MigrationWiz meets the highest international security and privacy standards as defined by ISO/IEC, and stays ahead of best practices. We also provide guidance for users since many aspects of cybersecurity are within their exclusive control. Here are five tips from our experts:
- Sanitize sources pre-migration. Since MigrationWiz migrates data “as-is,” anything that’s infected at the source will carry over to the destination. So, as part of your pre-migration process, we always recommend that you run an anti-virus scanner on the source prior to executing the migration. In taking this step, you can avoid bringing viruses into the destination, and also ensure that your data is migrated without corruption errors.
- Customize your data purge. We recommend that you delete projects after reviewing account activity and verifying that the migration is complete. Deleting the project severs the connection between MigrationWiz and your source and destination servers. You can also set MigrationWiz to auto-delete an unused project within a period of time that you specify. The Maintenance section of Advanced Options is the place to configure a custom purge policy for each migration project.
- Maintain source data post-migration. Even after a successful migration, we recommend that you maintain your source data server for a period of time. This redundancy will help recover infected or corrupted data that fails to migrate. It also helps you ensure that mail forwarding is working properly.
- Keep track of what’s going on. While MigrationWiz does most of the migration work for you, your core team should do regular monitoring to maintain security. This includes a regular review of account activity to prevent unauthorized use. During a migration, you can set email notifications to alert your team of the project’s success or failures. We further enable you to log subject lines of failed items, which provides better support visibility but may not adhere to your own internal privacy policies.
- Understand Common Vulnerabilities and Exposures (CVEs). The simple reality is that you can’t depend on every data platform to be invulnerable. For example, Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens. This allows remote attackers to redirect users to arbitrary web sites and spoof the origin of email messages via unspecified vectors. This is known as “Exchange URL Redirection Vulnerability.” This list of common software vulnerabilities should be reviewed regularly; at least as often as new software updates are installed: https://web.nvd.nist.gov/view/vuln/search
How MigrationWiz Protects Data
The recently updated cybersecurity overview for MigrationWiz outlines the measures BitTitan takes to protect your data and help your organization stay in compliance. We also update our practices as technology evolves, so you’ll see changes as you continue to use MigrationWiz. The security practices covered in our latest overview include:
- Encryption of data connections
- How data is handled without being stored or cached
- Password complexity and change requirements
- The use of geographically dispersed, locally-deployable, fault-tolerant infrastructure
- Reviewing log files to detect security events
- How MigrationWiz interacts with your organization’s firewall
- Globally redundant continuity and disaster recovery plans
You’ll also see how MigrationWiz conforms with ISO/IEC 27001 and ISO/IEC 27701 standards for information security management systems (ISMS) and Privacy Information Management Systems (PIMS). This includes compliance with regulatory requirements for GDPR and the California Consumer Privacy Act (CCPA). In addition, BitTitan uses Azure data centers which are compliant with ISO/IEC 27001/27002:2013, SOC 1 Type 2 and SOC 2 Type 2, PCI DSS Level 1, FISMA, HIPAA/HITECH, CJIS, CSA CCM, FERPA and others.
For Your Due Diligence
If you’re planning a data migration project, or looking at MigrationWiz for the first time, you’ll be expected to cover all the bases when it comes to security and compliance. Read our updated cybersecurity overview and share it with the stakeholders and team members who will be active in your migration project. Contact us if you have questions or would like to obtain copies of our ISO/IEC certificates.