Security features of CloudBerry

Brief description of current security features in Managed Backup Service and Backup agent


MBS Console

Two-factor authentication

To minimize penetration risk we implemented 2FA. You could enable it in General settings section

MBS 2FA

2FA option available for root accounts and sub-administrators.

SSL/TLS

We use SSL within our environment. If you're concerned about overall servers security you can always check our servers from outside with vulnerabilities assessment tools, like SSL Labs by QualysGuard. Test results can be found at the following links:

https://www.ssllabs.com/ssltest/analyze.html?d=mspbackups.com

https://www.ssllabs.com/ssltest/analyze.html?d=mbs.cloudberrylab.com


Backup agent

Data in transit encryption

During data transfers, we encrypt data with SSL/TLS protocols.

On-site encrytion

Cloudberry is able to encrypt data before sending it to the cloud (it can be encrypted with AES algorithm (with key length 128-256))

AES support for on-site encryption

Server-side encryption

Cloudberry agent supports AWS S3 encryption REST API

AWS REST API support

Temporary security credentials

Our software support temporary security credentials using AWS Security Token Service API. These credentials have limited lifetime which means that even in case of security breach they can't be used for any valuable period of time.

Assume role

Using AWS Assume Role Cloudberry Backup gains cross-account access ability. Assuming role gives user an opportunity to have one set of long-term credentials in one account and use temporary security credentials to access all the other accounts.