Skip to main content
Skip table of contents

Data Security

Customer Data Separation / Tenant Isolation

Thru's architecture and data model is designed to decouple and isolate customer metadata from the underlying storage repositories. This logical separation of data creates distinct management planes, security boundaries, and functional domains.


Thru’s system provides end-to-end encryption for data files in transit and at rest. For additional security, file payloads may also be encrypted. 

In Transit 

Data in transit over HTTPS is protected using TLS 1.2 and later; transit over SFTP is protected using SSH; transit over FTP is protected using TLS. 

At Rest  

All data stored in the Thru cloud platform is encrypted by AES 256-bit FIPS-2 compliant encryption keys. Encryption policies isolate storage per tenant and protect customer data from access by platform administrators and data center operators. 

File Payload 

PGP encryption option is supported for managed file transfer payloads. 

Key Management 

SSH and PGP keys can be generated or imported and managed via administration web portals 

SSL client certificate support for FTPS connections. 

For instances of Thru deployed in a customer's private cloud, keys for files encrypted at rest are stored in the cloud platform key vault and can be managed by the customer.

Keys used in at-rest file encryption are protected by Azure Key Vaults utilized in Thru cloud service. 

Data Retention and Destruction Policies 

Data retention rules can be set by the Thru Admin. Customers who no longer subscribe to the Thru service will have their data deleted, which will be unrecoverable.  

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.