
Data Storage Details

Ever wonder where those numbers and letters go? 📅

Overview

edison365 leverages Microsoft's cloud infrastructure to ensure high availability, durability, and scalability for its users. By utilizing Azure SQL databases for data storage and the global Cosmos infrastructure for user information and platform services, edison365 can guarantee that data is securely stored, efficiently managed, and easily accessible to customers. This strategic use of cloud storage solutions allows edison365 to scale with the growing needs of its clients while maintaining a high level of data protection and performance.

Details

This table defines different types of data in the edison365 app, where they are stored, and how they are encrypted.

| Data | Location | Segregation | Region-Specific | PI? | Encryption |
|---|---|---|---|---|---|
| Data you input into fields | Determined by your administrator upon deployment | Each instance has its own dedicated Azure SQL cloud database | Y | N* | In Transit: TLS 1.2; At Rest: TDE |
| Configuration (fields, forms, workflows, templates) | Determined by your administrator upon deployment | Each instance has its own dedicated Azure SQL cloud database | Y | N | In Transit: TLS 1.2; At Rest: TDE |
| Images (cards, news) | Determined by your administrator upon deployment, served via CDN from the source location | Azure Storage - Blob storage, regionally segregated and further restricted with keys | Y | N | In Transit: TLS 1.2; At Rest: 256-bit AES encryption, FIPS 140-2 compliant. More info: Azure Storage encryption for data at rest |
| Users' Names, Emails, Departments, Job Titles | Determined by your administrator upon deployment | Each instance has its own dedicated Azure SQL cloud database | N | Y | In Transit: TLS 1.2; At Rest: TDE |
| General Instance Metrics (like user and license numbers) | Global Cosmos Infrastructure | Partitioned by tenant | N | N | In Transit: TLS 1.2; At Rest: secure key storage systems, encrypted networks, and cryptographic APIs. More info: Data encryption in Azure Cosmos DB |

* Out of the box there is no PI requested in the default configuration. Configuration, determined by your admin, can be changed to request PI.

Glossary

Need some definitions? No shame, software is chock full of acronyms and jargon. 😆

  • Region-specific means that data is stored regionally based on customer location. This means if you are in Germany, for example, your data (and its backups) would be hosted in the W. Europe region. If you had another team working out of Seattle, you can have their instance stored in Central US instead.
  • Personal Information (PI), under the GDPR (General Data Protection Regulation), refers to any data that can be used to identify a specific individual, such as their name, email address, department, or job title.
    • This type of information is crucial for customers to be able to generate reports through applications like Power BI or Tableau using our APIs. Without it, reports (including our Power BI Template Reports) could not automatically include the names and departments of users, and would be unreadable without manual modifications.
    • We strive to collect as little information as possible for the app to be useful and the Personal Information we do store is properly secured.
    • The GDPR also mentions Personally Identifiable Information (PII) as a subset of personal information that can be used to distinguish or trace an individual's identity, such as social security numbers, biometric data, or financial information. edison365 does not store any PII by default.

If your admin configures a field that requests PII, then your edison365 instance might be storing PII. It is the customer's choice whether or not users are required to input PII into fields, where it is then saved in the database.


For example:
An admin configures the field Social Security Number (SSN) and adds it to a form. Users will start filling out this requested information, which is stored like any other data in the database.

  • Azure Storage offers highly available, massively scalable, durable, and secure storage for a variety of data objects in the cloud. Azure Storage data objects are accessible from anywhere in the world over HTTP or HTTPS via a REST API.
    • Blob storage is used for file storage behind a private VPN with containers in private mode.
    • via CDN (Content Delivery Network) from a source location means a system whereby a token, generated by the API for a specific instance, allows authentication between an instance and the blob storage.
  • Azure SQL Server refers to Microsoft's cloud-based relational database service that provides high availability, scalability, and security for storing and managing structured data. It is a fully managed Microsoft service that allows us to create, scale, and manage relational databases in the Azure cloud environment. Azure SQL Server offers features such as automatic tuning, intelligent performance optimization, and built-in security capabilities to ensure data integrity and confidentiality. By leveraging Azure SQL Server, edison365 can efficiently store and retrieve data from dedicated databases, ensuring a reliable and robust data storage solution for our users.
  • Cosmos DB allows for super fast response times and high reliability and availability due to its globally distributed nature. This means that data is replicated across multiple Azure regions, ensuring that users can access edison365 services quickly and efficiently from locations around the world. By distributing data globally, Cosmos DB minimizes latency and enhances performance, making it an ideal solution for applications that require real-time data processing and low response times. Additionally, Cosmos DB offers built-in replication and failover mechanisms, ensuring that data is always accessible and protected against potential outages or failures.
  • Encryption
    • Transport Layer Security (TLS) 1.2 is a cryptographic protocol that ensures secure communication over a network by providing encryption and data integrity.
    • Transparent Data Encryption (TDE) is a security feature that helps protect data at rest by automatically encrypting and decrypting the data files in the Azure SQL databases. TDE helps prevent unauthorized access to the data by encrypting the database files, including the log files and backup files. By using TDE, edison365 ensures that data stored in Azure SQL databases is securely protected, providing an additional layer of security to safeguard sensitive information from potential security threats.
    • 256-bit AES encryption refers to the Advanced Encryption Standard (AES) algorithm, which is widely recognized as a secure and efficient method for encrypting data. With a key length of 256 bits, AES encryption provides a high level of security by creating complex encryption keys that are extremely difficult to break through brute force attacks. This level of encryption ensures that data stored using AES is well-protected against unauthorized access or cyber threats.
    • Additionally, being FIPS 140-2 compliant means that the encryption meets the stringent security standards set by the Federal Information Processing Standards, further enhancing the reliability and trustworthiness of the encryption method used to safeguard sensitive information.