This article answers frequently asked questions about Backupify/Datto SaaS Protection security considerations.
- Backupify/Datto SaaS Protection for Office 365
- Backupify/Datto SaaS Protection for G Suite
By using Backupify/Datto SaaS Protection, your organization has significantly decreased the risk of data loss due to hardware failure. However, user error (the second largest cause of data loss) still exists. Backupify/Datto SaaS Protection protects against user error, allowing your organization to keep a second copy of all your important G Suite and O365 data.
Built-In 256-bit encryption
At every step along our data-replication process, Backupify/Datto SaaS Protection uses 256-bit encryption. In particular:
- All authenticated user interaction with the Backupify/Datto SaaS Protection application
- Logging in
- Configuring services
- Altering settings
- Accessing archived data
Backupify/Datto SaaS Protection encrypts your duplicate archives. For every new account created (each email address), our system automatically generates a unique AES 256-bit encryption key for that user. All data written for the user is encrypted with that key prior to storage. Data remains encrypted both in-transit and at-rest.
Upon retrieval (e.g. when a user views/downloads Archives through the Backupify/Datto SaaS Protection Web interface), the key is used to decrypt the stored data. All users’ AES keys are stored on the Backupify/Datto SaaS Protection production system and the central list of keys is encrypted with Backupify/Datto SaaS Protection's master RSA-2048 private key.
Backupify/Datto SaaS Protection grants access to stored data internally using the “principle of least privilege” through appropriate roles and only on a “need to know” basis and manages its systems in line with security industry best practices, including the ISO 27000 series and NIST Security Publications.
- The Datto Cloud: Uncompromising Security & Constant Availability
- How Do I Encrypt Backups on A Datto Appliance?