What data are we uploading?
The Spotlight Cloud Diagnostic Server collects system configuration and performance metrics from monitored connections in your Spotlight environment and then periodically uploads that data to SpotlightCloud.io. From the uploaded data and subsequent analysis SpotlightCloud.io is able to generate a picture of your system’s health and performance. The actual source of the data is documented below in Appendix A.
How is customer data transferred from on-premise to Spotlight Cloud?
When data is uploaded to spotlight cloud, from the on-premise software, it is sent via https to a cloud-based service running in Microsoft Azure. The low-level security protocols utilized during the data-transfer will depend on the client and the server.
Where is customer data stored?
As of April 2018, all data is uploaded to Azure datacenters in North America. The datacenters utilized include: North Central US, South Central US, East US 2 and West US 2.
Data is encrypted at rest based on Microsoft Azure Storage Service Encryption.
How long is customer data kept?
Data uploaded to Spotlight Cloud is kept indefinitely. However, we make no promises about how long we’ll keep customers’ data. Quest may purge ‘old data’ in order to keep our financial costs under control.
How does Quest obfuscate Personally Identifiable Information (PII)?
“We don’t” is the short answer. Data collected via on-premise software is uploaded to Spotlight Cloud and stored “verbatim”. So there is no effort spent on obfuscating any PII that was uploaded. For example, if we collect SQL statement text, we don’t attempt to strip out any ‘variables’ from that text (e.g. in the case where the variable’s value is a credit card number).
How are users authenticated on the Spotlight Clients (Web, Mobile, Spot-X, DS-Configuration Tool)?
- Standards based authentication protocol OIDC.
- Claim based secured and signed authentication token
Where can I find security and compliance information on the Windows Azure Platform?
The best place to go is the Windows Azure site itself.
The following data is collected from monitored connections by the Spotlight Cloud Diagnostic Server. It is uploaded as a JSON.
- hasdbaccess for user “guest” only