Security features of CloudBerry
Brief description of current security features in Managed Backup Service and Backup agent
To minimize penetration risk we implemented 2FA. You could enable it in General settings section
2FA option available for root accounts and sub-administrators.
We use SSL within our environment. If you're concerned about overall servers security you can always check our servers from outside with vulnerabilities assessment tools, like SSL Labs by QualysGuard. Test results can be found at the following links:
Data in transit encryption
During data transfers, we encrypt data with SSL/TLS protocols.
Cloudberry is able to encrypt data before sending it to the cloud (it can be encrypted with AES algorithm (with key length 128-256))
Cloudberry agent supports AWS S3 encryption REST API
Temporary security credentials
Our software support temporary security credentials using AWS Security Token Service API. These credentials have limited lifetime which means that even in case of security breach they can't be used for any valuable period of time.
Using AWS Assume Role Cloudberry Backup gains cross-account access ability. Assuming role gives user an opportunity to have one set of long-term credentials in one account and use temporary security credentials to access all the other accounts.