All communications between your computers and our servers / cloud storage is transported through a 256-bit SSL (Secure Socket Layer) communications channel. This is the same level of encryption that is used to process credit cards securely over the internet. Your data is treated with the same care and security as your on-line credit card purchases.
Some highlights of our service are:
- Point-to-point SSL communication between server and client.
- Support HTTP/HTTPS Proxy and Socks v4/v5 firewall.
- Data is up to 256-bit encrypted when stored on backup server.
- Choice of different encryption algorithms, e.g. Twofish, Data Encryption Standard (Triple DES), Advance Encryption Standard (AES).
- Choice of different encryption modes, e.g. Electronic Cook Book (ECB) and Cipher Block Chaining (CBC).
- User can restrict online access to his files to his pre-defined list of IPs.
The data is encrypted on your computer before it is transmitted over internet to our servers / cloud storage. Prior to your data reaching the internet, all of your files are compressed and encrypted with an encryption key created by your company at your location. The files are transported and stored in this encrypted state, ensuring that even if the files were physically obtained or downloaded off of your computer, data is still unable to be read. Even if your network is hacked and gained access to, your stored data would not be able to read or used.
In v7 of our software when "Default" encryption type is selected, a randomly generated 44 alpha numeric characters will be used as the encryption key, and data will be encrypted with 256-bit AES algorithm and CBC method. This encryption method cannot be hacked even by supercomputer and thus is totally secure. In v6 of our software the user chooses the key, length and encryption type in Default mode.
You can also restrict access to your backup files from a set of IP addresses specific to your organization. If someone tries to access your data from an IP address outside your organization, their access will be denied. This layer of security ensures only employees within the company can perform restorations, even if the correct username and password credentials are supplied.
The encryption algorithms used are:
Currently, the algorithm used by the Default encryption type for encrypting your files is Advanced Encryption Standard (AES), with 256-bit block ciphers. It is adapted from a larger collection originally published as Rijndael. AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) of USA for protecting top secret information. It is commonly recognized as one of the most secure encryption algorithms in today’s standard.
It would take nearly 150 trillion years to crack the 128-bit algorithm
The encryption key used to encrypt your files is known only to your company, and is stored only on your computer in v6. In v7, there is an option to transmit and store your key in a secure format to our server / cloud storage, to provide a key-recovery option. Even though the files are stored off-site in our Data centers, no one (not even storeitoffsite) will be able to read or view content of the files, even with direct access to the server itself.
Access to our two Data centers are controlled through serialized keyfob access or biometric fingerprint, and that access is logged. All Data center activity is monitored by camera and is video recorded. Each of our facilities has Diesel Generator and Battery Power backups, as well as a Smoke Detection and Gas-Based Fire Suppression system. Your data is always available 24/7/365.
Examples of Security and Encryption Setup in v6 and v7
When enabled (enabled by default), data can be compressed and encrypted with a "User Selectable" algorithm, mode and 256-bit encryption key. This is configured on a job-by-job basis, during backup job creation, within the Backup Manager.
Default encryption setting:
- Encryption algorithm: AES
- Encryption mode: ECB
- Key Length: 256 bits
- Encrypting key: Same as current password
- Twofish - Twofish algorithm
- DESede - Triple DES algorithm
- AES - Advanced Encryption Standard algorithm
- ECB - Electronic Cook Book mode
- CBC - Cipher Block Chaining mode
Encryption settings are set at a backup set's creation time and cannot be modified afterward.
- Length Make sure the encryption key is at least eight or more characters.
- Complexity Include lowercase, uppercase letters and numbers, use the entire keyboard not just the letters and characters you use or see most often.