
OwnBackup Data Encryption and Key Management

Protect the security and privacy of your Salesforce data backups and meet government and industry regulations with state-of-the-art data encryption and key management services.

Core Security and Privacy Controls from OwnBackup

By default, OwnBackup uses AWS S3 buckets to deliver secure, high-availability storage and server-side encryption via AWS Key Management Service. OwnBackup manages the keys required for S3 to encrypt and decrypt stored objects on a partitioned server. Keys are rotated once per year.

  • Data encrypted at rest via AES-256
  • Data encrypted in transit via TLS 1.2+
  • Encryption based on AWS FIPS 140-2 certified Key Management Service
  • Data never leaves OwnBackup’s highly restrictive and audited production environment
  • Storage architecture based on AWS S3 buckets with a resiliency of 99.99999999999%

Advanced Key Management (AKM)

This optional service provides additional security controls over the keys used to encrypt and decrypt data stored on OwnBackup.

  • Account data on a dedicated volume encrypted at rest with a customer-provided master encryption key
  • Authorized users may later archive that key and replace it with another master encryption key
  • When a new master key is provided, a new dedicated volume is created and the data re-encrypted
  • Master encryption keys can also be revoked, resulting in immediate inaccessibility of underlying data

Bring Your Own Key Management System (BYO KMS)

Use your own encryption keys for data encryption at the bucket level. OwnBackup has no access to the keys at any time, and does not access the key management system directly. Revoke access to the S3 bucket without interacting with OwnBackup, instantly blocking OwnBackup from accessing or updating the customer’s data. All key management activities are logged within your KMS including key retrieval by the S3 bucket.

  • Keys created in customer’s Amazon Web Service Key Management System (AWS KMS)
  • Customers grant OwnBackup’s AWS account permission to access the key
  • OwnBackup enables encryption on an S3 bucket dedicated to the customer and configures the bucket to use the customer’s key

The Perfect Complement to Salesforce Shield

Salesforce Shield protects your enterprise with enhanced trust, transparency, compliance and governance across all of your business-critical applications. OwnBackup adds an additional layer of security to further mitigate risk.
