By default, OwnBackup uses AWS S3 buckets to deliver secure, high availability storage and server- side encryption via AWS Key Management Service. OwnBackup manages the keys required for S3 to encrypt and decrypt stored objects on a partitioned server. Keys are rotated once per year.
This optional service provides additional security controls over the keys used to encrypt and decrypt data stored on OwnBackup.
Use your own encryption keys for data encryption at the bucket level. OwnBackup has no access to the keys at any time, and does not access the key management system directly. Revoke access to the S3 bucket without interacting with OwnBackup, instantly blocking OwnBackup from accessing or updating the customer’s data. All key management activities are logged within your KMS including key retrieval by the S3 bucket.
Salesforce Shield protects your enterprise with enhanced trust, transparency, compliance and governance across all of your business-critical applications. OwnBackup adds an additional layer of security to further mitigate risk.