Compare for macOS - How are my documents compared?
A brief explanation of what happens to your documents when you run a comparison
How are my documents compared?
When documents are selected for comparison from Workshare’s Compare for macOS or Compare for iOS applications, the documents are sent securely to Workshare's Compare service (which is hosted in Microsoft Azure) where they are compared. The results are then securely retrieved and displayed by Compare for macOS or Compare for iOS.
How data is secured by the Workshare Compare service
The following explains how data at rest is treated in the Workshare Compare service ecosystem.
- Request for comparison arrives (with the source documents) and the Compare service generates a comparison ID.
- The comparison ID is unique to each comparison. It is a cryptographically secure random token with 192 bits of entropy.
- The Compare service encrypts the source documents using a key generated from the comparison ID.
- The encrypted source documents are stored in Microsoft Azure Files.
- The Compare service decrypts the source documents using the comparison ID and runs a comparison.
- The source documents are temporarily written to local disk while they are being pre-processed for comparison or while being post-processed after comparison. These temporary documents are automatically deleted as soon as the comparison has completed.
- The results and the source documents are encrypted using the comparison ID and stored in Microsoft Azure Files.
- When the user views the comparison, the Compare service decrypts the results using the comparison ID and sends them via HTTPS back to Compare for macOS or Compare for iOS.
- Documents may be temporarily written to local disk while they are being pre-processed for comparison or while being post-processed after comparison. These temporary documents are automatically deleted as soon as the comparison has completed.
- One hour after the comparison is performed, a scheduled task tells Microsoft Azure Files to expunge (delete) the source documents and the results. If this fails for any reason, Azure Files will auto purge after 24 hours.
What does Microsoft Azure Files offer in the way of security?
The key features of Microsoft Azure Files security are automatically applied by default within our Compare Service allowing us to prevent, detect, and respond to breaches. In particular, Azure Files:
- Encrypts data at rest. For more information, see Azure Storage Service Encryption.
- Provides access restrictions at the storage account level so we can restrict access by IP and user credentials. For more information, see Configure Azure Storage Firewalls and Virtual Networks.
For more information about Microsoft Azure Files security, see the Azure Storage Security Guide.
Microsoft Azure
The Workshare Compare service runs in Microsoft Azure. The servers that live within the Compare service infrastructure do not have public IP addresses, and thus are not directly exposed to the internet. The servers only accept HTTPS traffic from the Azure load balancer – no other in-bound traffic is allowed.
The servers also make use of encryption-at-rest (AES-256 for any data that they hold.)
The following article describes the various security measure Azure has in place as a platform.
https://docs.microsoft.com/en-us/azure/security/
Our approach to security
Workshare has obtained the ISO 27001:2013 certification in respect to information security.
We know that keeping customer data safe and secure is of paramount importance and one of our primary responsibilities.
We are dedicated to ensuring that our customers have the highest confidence in our security practices and infrastructure.