The BackupLABS platform and entire company has been engineered around the security and privacy of our customers data, with a focus on high availability.
We chose to host our platform within AWS (Amazon Web Services) due to its focus around security, redundancy, resilience, flexibility and scalability. With AWS, even we do not have access to the datacenter.
We use the AWS London and USA (East) locations, with more to be added periodically as required. All AWS datacenters feature:
- AWS employees only access
- 24 hour CCTV monitoring
- Intrusion detection
- Full access review and logging
- Fully redundant electrical power systems, with a backup power supply to remain operational 24 hours per day
- Automatic fire detection and suppression systems
- Leakage detection systems to detect the presence of water
The AWS datacenters we use are also fully compliant with the most common certifications and laws: ISO 9001, ISO 27001, ISO 27017, ISO 27701, ISO 27018, PCI DSS, SOC 1, SOC 2, SOC 3, HIPPA, HDS, FIPS, NIST, EU GDPR and UK Cyber Essentials Plus.
Software & Data Security
BackupLABS is secure by design and we operate a “zero knowledge” policy.
- Our platform can only access your data from an authorized access token that you (your account) provide from the app. These tokens are stored via the AWS Key Management Service.
- Your data is transferred over the internet from the app provider using 256-bit TLS encryption. Once the data arrives at AWS, they are stored at rest in separate S3 storage buckets using 256-bit AES GCM encryption. We have no access to any unencrypted data.
- For the payment system, we utilize Stripe and their API to handle all credit card transactions. We have no access to full credit card data and the system is fully PCI compliant.
- Finally, we use a dedicated and separate logging management system to monitor all changes and access to our platform.
All of our staff members operate on a least privilege basis. We perform regular background checks on employees and all receive comprehensive onboarding training.
Regular training is provided to ensure we are up to date with the modern security practices, coding guidelines, processes and AWS infrastructure environments.