Migration refers to a process of transferring content such as emails from a source system to a target system. For example, an email migration may be performed to transfer email from a mailbox in a source system to a corresponding mailbox in a target system. An email migration may be performed for various reasons including when a company switches over to a new email service provider, switches to a different platform (e.g., traditional vs. hosted), is acquired, etc.
FIG. 1 illustrates an example computing environment 100 in which a migration engine 101 is interposed between a source system 102 and a target system 103 for the purposes of performing a migration. Generally speaking, migration engine 101 reads content on source system 102 and writes the content to target system 103.
Migrations are not a frequent activity for most IT personnel, and therefore, organizations do not typically have the expertise or personnel to properly manage the entire migration process. As a result, many migrations include some level of outsourcing either to assist with migration preparation or in managing and monitoring migrations throughout the migration process. For example, an organization may hire consultants to assist in configuring migration engine 101 to properly access source system 102 and target system 103.
In these instances, organizations must supply the consultants with credentials for accounts with elevated permissions within their source and target systems (i.e., “admin credentials”). The consultant would typically use the admin credentials to configure migration engine 101 to properly access source system 102 and target system 103 to perform various migration tasks. However, with the admin credentials, the consultant could also improperly access the source or target systems.
For example, FIG. 2 represents various ways in which a consultant 150 may employ admin credentials 110 to access source system 102 and admin credentials 111 to access target system 103 some of which may be unauthorized. As shown, consultant 150 may employ a computing device 104 to establish a connection (e.g., an SSH or RDP connection) directly with source system 102 or target system 103 or to configure migration engine 101 to establish a connection with source system 102 or target system 103.
The particular manner in which a consultant could access source system 102 or target system 103 is not important to the invention. However, what is important is that, with these admin credentials, the consultants will have access to critical resources and sensitive data within source system 102 and target system 103. In other words, the admin credentials will give the outside consultants the same or even higher levels of access than many of the organization's inside IT personnel. Organizations may therefore be reluctant to hire consultants during a migration or may even be reluctant to perform a migration.