Azure CosmosDB Incident
The OwnBackup services and key supporting partners are not affected by the recently disclosed Microsoft Azure CosmosDB vulnerability. OwnBackup employs private access only to DB components, which prevents unauthorized access, as confirmed by Microsoft in their announcement and our internal investigation.
Kaseya Cyber Incident
Please note that OwnBackup does not use Kaseya and is NOT affected by the recent incident, including third parties related to the delivery of the OwnBackup services. Our security team continues to monitor the situation and any other issues which may affect our services and report as necessary.
Uptime and Availability
View uptime and availability history for the OwnBackup service: https://status.ownbackup.com/
OwnBackup takes privacy and security very seriously. Our platform was built from the ground up with security in mind, utilizing leading information-security best practices. We help our customers stay in compliance with a variety of data protection regulations.
For details on our security controls, download our security controls document.
Salesforce.com ISV Partner
OwnBackup is a Salesforce.com authorized ISVForce partner and undergoes annual security assessments from salesforce.com in order to maintain this status.
OwnBackup’s security features ensure that data is always encrypted, both in transit and at rest. Our state-of-the-art security measures include TLS 1.2 on every page to ensure all traffic to and from the website is always encrypted. Additionally, while at rest, the OwnBackup platform uses AES 256-bit encryption and the community-adopted OAuth authentication protocol to ensure passwords are never stored on our servers.
OwnBackup is SOC2 Type II compliant and completes an annual SOC2 compliance review, audited by well-known industry licensing firms. This process ensures that information security practices, policies, procedures and operations meet or surpass the rigorous SOC2 standards for security, availability, confidentiality and processing integrity.
OwnBackup has achieved two internationally recognized ISO certifications, including information security management standard ISO/IEC 27001:2013 and data privacy controls standard ISO/IEC 27701:2019. By meeting these critical security and privacy assurance standards, OwnBackup can better reduce identified risks and provide greater overall information security and privacy protection for customers.
OwnBackup is certified with Privacy Shield. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
OwnBackup is working in accordance with both the HIPAA and HITECH regulations. For customers that process Protected Health Information (PHI) and Personally Identifiable Information (PII), we are able to enter into a Business Associate Agreement (BAA). We utilize a dedicated and physically separated environment for HIPAA customers.
OwnBackup instances and storage are available on both AWS and Azure. The service is hosted on the AWS cloud platform in the USA, Canada, the European Union, and Australia. On Azure, the service is hosted in the European Union. These top-tier, secure facilities hold the following accreditations: SOC1 – SSAE-16, SOC2, PCI DSS Level 1, ISO 27001, HIPAA, FIPS 140-2, and more. These data centers are protected by the strictest security controls, and physical access to the servers is restricted to authorized personnel only. OwnBackup’s services run on our own VPC (Virtual Private Cloud) inside AWS or an Azure Virtual Network inside Azure in order to further isolate our networks in accordance with network and security best practices.
Data Backups and Disaster Recovery Plan (DRP)
OwnBackup’s backup policies and procedures outline the different critical resources that are backed up automatically. All production data is backed up automatically twice a day onto a separate infrastructure. Furthermore, application-level exports are also performed on our various tools and databases.
OwnBackup’s DRP is designed to ensure the continuation of vital business processes in the event of a disaster. The DRP enables recovery within the RPO and RTO needed to meet our SLAs. OwnBackup exercises its DRP twice a year.
For security-related questions or to report an incident, contact us 24/7 via email: firstname.lastname@example.org