GS RichCopy 360

Introduction

GS RichCopy 360 is an enterprise-class data migration and file replication solution designed to operate in complex on-premises, hybrid, and cloud environments. This whitepaper provides an overview of the security principles, architectural design, and operational safeguards implemented within GS RichCopy 360 to assist customers in evaluating its security posture.

GuruSquad develops GS RichCopy 360 with a strong emphasis on security, performance, reliability, and compatibility with enterprise and regulated environments.

Security Design Principles

GS RichCopy 360 is built around the following core security principles:

  • Least privilege by default, with controlled elevation where required
  • Secure handling of credentials, including encryption at rest and environment binding
  • Use of platform-provided security controls rather than proprietary cryptography
  • Minimized attack surface, including limited third-party dependencies
  • Direct data paths, ensuring customer data does not transit vendor infrastructure

Privileged Operations and Access Control

GS RichCopy 360 performs advanced file-system operations that require elevated privileges, including:

  • Preserving NTFS permissions and ownership
  • Interacting with Windows Volume Shadow Copy Service (VSS)
  • Performing security overrides on protected local data sources

By default, users executing the software are required to be members of the local Administrators group to ensure these operations can be performed securely and consistently.

Credential Management and Protection

Stored Credentials: GS RichCopy 360 may store credentials required to authenticate to source and destination systems. These credentials are encrypted at rest within the application database and are accessible only by the local installation context.

Cloud Credentials: Credentials used to authenticate to cloud storage providers receive an additional layer of protection:

  • Cloud credentials are encrypted and bound to the local machine installation
  • Copying or moving the database to another system invalidates stored credentials
  • Reauthentication is required when credentials are accessed from a different system

Cryptography and Encryption

GS RichCopy 360 supports AES-128 and AES-256 encryption when encryption is enabled. The Remote Transfer Agent (RTA) is designed to leverage hardware-accelerated, platform-provided cryptographic capabilities to reduce performance impact while maintaining strong encryption.

Cryptographic Standards Alignment: GuruSquad follows FIPS-aligned cryptographic practices and NIST security guidance when implementing encryption and security controls. Where supported by the underlying operating system, FIPS-validated cryptographic modules are leveraged.

Third-Party Dependencies

To reduce risk and increase predictability:

  • Core operations—including file enumeration, comparison, and copy functionality—are implemented natively without reliance on third-party libraries
  • The only exception is SFTP functionality, which uses a trusted, industry-standard third-party library appropriate for secure file transfer

This approach minimizes supply-chain risk and reduces the external security dependency footprint.

Licensing and Activation Security

During installation, GS RichCopy 360 generates a randomized application identifier used for licensing and activation purposes. GuruSquad activation servers store the generated identifier and the registered customer email address only.

  • Machine names, hostnames, or environment identifiers are not transmitted or stored
  • This design reduces exposure of customer infrastructure details

Architectural Overview

Secure Data Flow

GS RichCopy 360 does not provide cloud storage services and does not act as an intermediary for customer data. Data transfers occur directly between the installed application and the destination system or service. No customer data transits GuruSquad infrastructure or networks.

Cloud Provider Integrations

When interacting with cloud storage platforms, GS RichCopy 360 uses official provider SDKs or REST APIs and secure transport protocols (typically HTTPS) to encrypt data in transit. Security controls are inherited from the target cloud provider's supported mechanisms.

Native Operating System Integration

All data-related operations utilize native operating system and .NET APIs, including:

  • File and directory enumeration
  • Copy, move, and delete operations
  • NTFS permission handling
  • Volume Shadow Copy Service (VSS) operations

Logging, Auditing, and Visibility

GS RichCopy 360 includes comprehensive logging features to support troubleshooting and audit requirements:

  • Minimal logging (default): Provides aggregated error summaries
  • Practical and Verbose logging modes: Offer detailed operational insights, including lists of copied and skipped files

Job History and Retention

Job history retains information for the most recent 500 jobs by default. Older entries are automatically purged to maintain performance. Retention limits can be adjusted via configuration files to meet operational or compliance requirements.

Installation and System Impact

GS RichCopy 360 is distributed as a standard MSI package. Registry usage is intentionally minimized to reduce system impact. This approach benefits servers with large or heavily utilized registries and supports stable operation in enterprise environments.

Conclusion

GS RichCopy 360 is designed with security as a foundational principle. By leveraging platform-provided security mechanisms, minimizing third-party dependencies, and enforcing direct data paths, GuruSquad delivers a solution that aligns with enterprise security expectations while maintaining performance and scalability.

This security-focused architecture enables GS RichCopy 360 to operate effectively in regulated, enterprise, and FIPS-aligned environments without unnecessary exposure or complexity.