CloudAlly provides a secure online backup solution with internationally recognized accreditation for information security management.
ISO 27001 and HIPAA Compliant
CloudAlly is ISO 27001 certified, an internationally recognized accreditation for information security management. We are also HIPAA compliant and can provide a Business Associate Agreement (BAA) on request.
Cloud Security Alliance (CSA)
CloudAlly participates in the Cloud Security Alliance STAR (Security, Trust and Assurance Registry) program using CSA’s Cloud Controls Matrix (CCM). CCM is a framework of cloud-specific security controls ensuring that participating organisations adhere to leading industry standards, best practices and regulations.
Data Security and Encryption
All data is stored in Amazon S3 storage and encrypted using advanced AES 256-bit encryption algorithms. Transmitted data is encrypted and secured using SSL (HTTPS) enabled servers.
CloudAlly uses a unique encryption key for each customer, and the keys are securely stored. Use of a unique S3 folder for each customer ensures data isolation.
Additionally, every backup task has its own initialization vector, which is stored securely and separately from the user key. This technique helps CloudAlly to encapsulate the users’ data.
Our servers are strongly secured, hardened and include the latest security patches. Only a very limited number of CloudAlly’s core team members have access to production keys.
CloudAlly uses industry-standard OAuth for permission-based access when possible, eliminating the need to enter or store user credentials on the CloudAlly system.
The OAuth “token” limits access to exactly what CloudAlly needs to do and doesn’t provide general access to your account. You can revoke authorization at any time. If OAuth is not available for a specific service, then credentials are stored using advanced AES 256-bit encryption algorithms.
For additional security, you can add two-factor authentication to your CloudAlly account from the Account Settings page using any industry-standard authentication app.
Payment processing, including credit card information, is hosted by our payment processor which is fully PCI compliant. No payment information is handled or stored on the CloudAlly system.
CloudAlly Website & Application
Our website has a Secure Security Authorization (HTTPS) Certificate issued by GoDaddy, and our application was reviewed and verified secure by Microsoft, Salesforce.com, Google and Amazon Web Services.
Customer backup data is not accessible directly; it can only be accessed using the CloudAlly platform. CloudAlly backups can only be activated, deactivated or restored by the customer’s Data Administrator.
Internal CloudAlly staff do not have access to customer data, and only a limited number of core team members have access to production keys based on a “need to know” policy for problem resolution.
All backup data is retained as long as you maintain your CloudAlly subscription. If you choose to cancel your subscription, your data will be deleted from the CloudAlly archives within 2 weeks.
If you deactivate an individual user backup or database table/domain, that data will be deleted within 24 hours, so we recommend downloading the data prior to deactivation if you want to retain the backed-up data for local archiving.
CloudAlly archives can optionally be stored in Amazon U.S., Canadian, European or Australian data centers as needed for compliance with data privacy directives.