3Shape implements stringent access controls across its services. For synchronizing medical data with 3Shape Cloud Storage, users must be authorized through a 3Shape Account Company and the company must agree to specific Cloud Storage Consent. Additionally, operational access to the production environment is role-based, requiring 3Shape operators to seek privilege elevation from another Active Directory (AD) operator to ensure secure and regulated access.

3Shape ensures the security of users' data with encryption measures. During data transfer, 3Shape utilizes mutual TLS to confirm the identities on both sides, creating a secure connection. For stored data, 3Shape employs Azure's standard encryption methods to safeguard information.

3Shape incorporates NIST384 encryption, which encrypts data before it leaves users' devices, enhancing overall security. The encryption mechanism for 3Shape Cloud Storage is client-side, meaning that data is encrypted on users' devices before it is sent. This setup ensures that 3Shape does not have the capability to decrypt users' data; only users can access the decryption keys through the Key Management Service. This multi-layered approach ensures comprehensive protection of users' data at all stages. 

3Shape Cloud Storage uses a special storage method where the content itself helps determine where it is stored. This means if any part of the content changes or gets corrupted, the system will not be able to find it because the storage address will no longer match. This helps keep customer's content safe and unchanged, because any alteration is easily detectable. 

Whenever any medical data is created, updated, or deleted in 3Shape Cloud Storage, these actions are securely signed using a special digital certificate. This certificate is provided only after authorization by a 3Shape account. The signature, which verifies who made the changes, becomes an integral part of the data itself. This process ensures that all changes to medical data are properly recorded and verified, enhancing security and traceability. This is an integral and insperatable part of the medical data and stored in 3Shape Cloud Storage. 

To ensure that 3Shape Cloud Storage is secure and reliable, 3Shape follows strict coding practices. Every piece of code must go through a review process and pass automatic tests before it can proceed. Additionally, 3Shape first releases updates to a test environment where they undergo thorough testing across different products. This step helps catch any issues before the software goes live. 3Shape also periodically conducts penetration testing, a kind of security check, to find and fix any potential vulnerabilities for users. 

3Shape regularly updates its software every two weeks to ensure you have the latest enhancements and security features. These updates are thoroughly automated to ensure consistency and reliability. The only manual step in this process is the final one, where the update is approved for release into the production environment. This careful approach helps maintain high standards of security and performance for all users. 

3Shape ensures the safety and availability of user data with a robust backup and recovery system. Our blob storage and PostgreSQL databases are configured with Zone-Redundant Storage (ZRS), which means user data is replicated across multiple geographic locations. This setup not only protects against data loss but also enhances data recovery capabilities. The same zone redundancy is applied to the storage accounts that manage these systems, ensuring comprehensive protection for all stored user data.