What data does Movere collect?
Data captured by Movere initially falls into one of two categories. The first, referred to as inventory data, captures device and user information at a point in time and automatically supersedes anything previously received from each endpoint. For example, a Movere inventory scan might capture that a device is running Windows Server 2016 with 4GB of RAM. If the system's resources are increased to 8GB of RAM, then on a subsequent scan Movere will report that the system has 8GB of RAM, but it will not report that the system has been assigned additional RAM since the previous scan. This analysis could be done manually, but it is not maintained by Movere, which was designed to always present the most recent data received from each system. The second category, referred to as Actual Resource Consumption (ARC) data, captures how the system is performing over time (e.g. 1 month). Movere automatically calculates how each system's performance changes over time and uses this data to identify the instance sizing that will deliver the same or better performance in the cloud.
Movere can scan Windows and Linux systems, and can automatically integrate the data it collects directly from these systems with the data it can capture from other sources, e.g. Active Directory, vCenter (running on Windows with SQL or from a VMware Virtual Center Server Appliance), System Center Virtual Machine Manager, System Center Configuration Manager, Hyper-V, Altiris, LANDesk, LanSweeper, BigFix, Office 365, SharePoint, Project Server, System Center Operations Manager, System Center Data Protection Manager, Exchange, Skype for Business, and Dynamics CRM.
In addition to the data Movere collects, user information is required to facilitate the Movere login process. This is the information a user provides when registering a Movere user account:
Movere does not collect payment-related data, and no information, other than the items listed above that facilitate the login process, is collected directly from individuals. For more information on the data collected by Movere, please refer here or contact Movere Support.
How does Movere collect data?
Data collection begins with the Movere Console, which can only be downloaded from the Movere website. Each Console has several identifiers that make it unique to each customer, including a globally unique ID (GUID). A GUID is used because the Movere Console does not include the customer’s name, the user’s name or any other PII elements that can link it to a specific customer or user. The Console also includes a PGP public key that is exclusive to each customer. The PGP key is 2048 bits long and is used to encrypt all the data prior to being uploaded to the cloud.
All data collected by the Movere bots is uploaded either directly to the cloud from the target device(s) or to the cloud via the Movere Console. All resulting output files are encrypted in memory using PGP. All private/public keys are unique to each customer. Before uploading to the cloud, output files are also zipped for further size reduction. When the user authenticates, a token is downloaded and added to each zip file as a header. Only then can the file be uploaded via secure channel (HTTPS) to the Azure cloud for processing.
How does Movere store and leverage credentials?
Movere does not store any passwords in the bot executables, and the Console will only send passwords to the bots when SQL is detected on a target device. That is, the bots are distributed without any password hashes stored, and passwords are passed securely in memory only when secondary databases such as SQL are detected on the target machines and the NT Authority account on the target machine cannot access the secondary database. At no point during the scanning process will password hashes be stored in the bots or on the target machines.
Similarly, Movere prohibits the propagation of credentials with Domain Admin privilege to the Movere Bots for security purposes. This means Domain Admin credentials can be used to run the Console and scan Windows devices; however, they will not be sent to the Bots to collect secondary data (i.e. SQL Server).
How does Movere upload data?
Each Movere customer Console contains a unique 2048-bit strong PGP key which is used to encrypt data in memory before being written to disk, significantly reducing security risks. This is referred to as the public key and can only be used to encrypt data. In order to decrypt the data, it needs to be uploaded to the cloud where specialized APIs identify the user, match it to a customer and retrieve the customer’s private key from a repository that stores it encrypted as well.
The user who is uploading data using the Movere Console needs to have the correct access level (Write claim) and is required to authenticate using the Movere Console. Once the user authenticates, they are issued a token. The token is valid for 90 days and is used for every upload that the Movere Console is responsible for, be it inventory or ARC data. NOTE: The token is NOT used to encrypt or decrypt data, nor can it be used to access the Movere website. The sole purpose of this token file is to allow uploads of already encrypted data to the cloud, and to identify the user that is performing the upload. After 90 days, the token becomes invalid and the user needs to authenticate once again via the Movere Console.
Upon reaching the cloud, each output file is handled by a FileTransfer API. Each output file gets decompressed, decrypted, then pushed into the database belonging to the customer performing the scan and upload. No two customers share the same database. From the database, the data is also extracted onto a secondary database for reporting, then into Qlik, which stores it in memory for the user to access via the website.
The entire upload process is performed over a secure connection (HTTPS) which uses SSL/TLS. This is on top of the encryption at rest of each file using PGP keys.
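The token rules above (Write claim, 90-day validity, a token that only authorises and attributes an upload) can be illustrated with a server-side check. This is an added example, not Movere's code: the token format, the HMAC signing, `SERVER_KEY` and the function names `issue_token`, `build_package` and `accept_upload` are assumptions, since the page does not describe how the token is built.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(days=90)            # validity period stated on the page
SERVER_KEY = b"constructed-demo-signing-key"   # assumption: service-side HMAC key

def issue_token(user, customer_guid, claims, now):
    """Issue a signed upload token once the user has authenticated."""
    body = json.dumps({"user": user, "customer": customer_guid,
                       "claims": sorted(claims), "iat": now.isoformat()},
                      sort_keys=True).encode()
    sig = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return base64.b64encode(body) + b"." + base64.b64encode(sig)

def build_package(token, encrypted_zip):
    """Prepend the token as a header to the already-encrypted payload."""
    return token + b"\n" + encrypted_zip

def accept_upload(package, now):
    """Return (ok, detail). The payload stays opaque here: the token only
    authorises the upload and names the uploader, it is never a decryption key."""
    header, sep, payload = package.partition(b"\n")
    if not sep or b"." not in header:
        return False, "missing token header"
    body_b64, sig_b64 = header.split(b".", 1)
    try:
        body = base64.b64decode(body_b64, validate=True)
        sig = base64.b64decode(sig_b64, validate=True)
    except ValueError:                          # binascii.Error subclasses ValueError
        return False, "malformed token"
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False, "bad signature"
    token = json.loads(body)
    issued = datetime.fromisoformat(token["iat"])
    if not issued <= now <= issued + TOKEN_LIFETIME:
        return False, "token expired"
    if "Write" not in token["claims"]:
        return False, "Write claim required"
    # Customer and user are taken from the verified token, not from the payload.
    return True, f"{token['customer']}:{token['user']}:{len(payload)}"
```

Decryption with the customer's private key would happen only after this check passes, in a separate step that never sees the token as key material.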
How does Movere store data?
Movere is a cloud-only solution, which stores all encrypted and anonymized data in the Microsoft Azure cloud. As Movere is stored in Microsoft Azure’s cloud services, Movere is covered by the security processes and certifications that Microsoft have strived to achieve while building this secure platform. A list of these security certifications can be found here.
The Movere infrastructure is currently configured in the West US, Canada East, West Europe, and Australia East Azure regions. Each customer database resides in only one of these regions, and all customer data is stored only in the Movere region the database resides in. That is, if a customer’s tenant is housed in Australia East, all scan data will only reside in this region, including any backup data. No scan data is replicated or stored in the other Movere regions at any time.
User logon data is replicated across all four Movere regions in order to ensure the quickest authentication experience for any user, anywhere in the world, regardless of the region their user account is registered to. For example, if a user registered to a tenant residing in West US logs in to Movere during travel abroad, Movere will authenticate the user through the Movere region closest in proximity to their geographical location (e.g. West Europe or Australia East). This is achieved by Movere replicating the user’s logon information (i.e. the information provided to Movere when registering their user account) across all four Movere regions.
Once the user is authenticated and emulates their scan data (which is housed in West US), they are routed from the region authenticating their logon to the region their data resides in. As all scan data is only accessible from the region their database resides in, Movere requires the user to re-route to that region before they can access scan data.
How does Movere secure data?
Movere uses the following cryptographic technologies to protect data (e.g. database, server, backups, applications, web services, etc.):
- For passwords we use ASP.NET encryption (see PBKDF2)
- For PGP we use RSA 2048
- For tool credential encryption we use SHA 256
- For database/server see Azure SOC reports
Movere uses the following mechanisms to secure data at rest, data in transit, and data in use:
- Data at rest is secured using PGP encryption
- Data in transit is secured using PGP + SSL (HTTPS) transmission
- Data in use is secured using Qlik proxies, which also use SSL (HTTPS)
For more information on the encryption methods utilized by Movere, please see How Does Movere Encrypt Data?
How long is Movere data retained?
All data is stored in the Movere cloud and is retained for up to 30 days post-expiration of a subscription in a locked state. During this time, no user can access data, including customer and partner users. All data is deleted from Movere within the 30-day period, including any backup data.
How is Movere data accessed?
Movere is based on the Entity Framework, which consists of a data model and a set of design and run-time services that isolate the website from the underlying logical database schema. Outside parties cannot see the Movere data structure and there is no ability to query SQL directly from the outside. There is no human interaction with source data. Movere does not perform binary (.exe) mapping, overlay bundling assumptions, apply estimates, or leverage extrapolations. What you see with Movere is what you would get if you were to directly log in to each system personally and inspect it with a virtual microscope. Movere Support and Engineering resources may have access to customer data as necessary to conduct technical troubleshooting and updating.