Data Handling and Security FAQs

Yes. For more information refer to Data handling and security.

By default, all values suspected as literals are removed before being displayed or saved in the Foglight repository. You can choose to keep the original queries as is. For more information refer to Replacing literals.

Foglight Cloud tracks SQL queries that are executed and the query plans used to execute them. This may contain fragments of data in the form of string literals. By default, we remove these to prevent any accidental or unexpected data uploads.

• Our data center provider, Microsoft Azure, maintains ISO 27001, SOC2 Type II, and many other certifications. For more information refer here.

• Since Foglight Cloud is a SaaS product, vulnerability patches are applied instantly to all users.

• Out-of-date software frequently exposes an organization’s security vulnerabilities. Microsoft has a dedicated team that works 24/7 to ensure their infrastructure is patched and updated in response to any security threats. Similarly, Foglight Cloud’s security team works to keep Foglight Cloud’s code up-to-date and respond to any security threats that may arise.

• Foglight Cloud’s infrastructure and application undergo periodic penetration testing by an independent third-party penetration testing firm.

• Foglight Cloud stores all data in Azure managed databases (SQL Server and PostgreSQL)

• All data is encrypted with AES 256. This is the same top-level encryption currently used by the NSA and US government.

Foglight Cloud data is encrypted in transit using TLS 1.2.

Currently, we keep the performance data related to paid accounts for one year for trend analysis.

Yes. To delete your data completely, you should either raise a support case or email your Quest account manager. As soon as the data is deleted, you will be notified.

The collected data from Foglight agents is stored in the repository database - a central location that is managed by Quest on Azure. Each customer has their own database which is protected through user access control. The data is stored on Azure data centers in USA, North America.

You can review the list of ports on the Data Handling and Security page.

Yes, Foglight Cloud uses Quest Identity Broker (QIB) to handle authentication for Foglight. QIB can be configured to integrate with Microsoft Entra to manage accounts. For more information refer to the following knowledge base: How to enable Azure Active Directory (AAD) authentication (Entra ID) with Foglight Cloud (4375832)