Security FAQ

This article answers frequently asked questions about Datto SaaS Protection security considerations.

Environment

  • Datto SaaS Protection for M365
  • Datto SaaS Protection for Google Workspace

Description

User Error

By using Datto SaaS Protection, your organization has significantly decreased the risk of data loss due to hardware failure. However, user error (the second largest cause of data loss) still exists. Datto SaaS Protection protects against user error, allowing your organization to keep a second copy of all your important Google Workspace and M365 data.

Built-In 256-bit encryption

These encryption methods apply only to Datto SaaS Protection products. Click here for information on encrypting backups on a Datto BCDR device.

At every step along our data-replication process, Datto SaaS Protection uses 256-bit encryption. In particular:

  • All authenticated user interaction with the Datto SaaS Protection application
  • Logging in
  • Configuring services
  • Altering settings
  • Accessing archived data

Datto SaaS Protection encrypts your duplicate archives. Each worker node in our system possesses a unique AES 256-bit encryption key assigned to that node. All data written for the user is encrypted using that key at the time of storage, and decrypted on demand when the data is retrieved. The keys are managed by LUKS, with passwords distributed on a strict need-to-know basis. Data in transit is encrypted similarly, using industry-standard SSL communication.

Internal controls

Datto SaaS Protection grants access to stored data internally using the “principle of least privilege through appropriate roles and only on a “need-to-know” basis and manages its systems in line with security industry best practices, including the ISO 27000 series and NIST Security Publications.

Additional Resources