CloudBackup offers robust security management features which includes the facility to encrypt and send backups to the CloudBackup  servers.

Our client and server installations communicate using a TCP/IP based secure connection which reduces the risk of your valuable data being stolen.

CloudBackup uses the industry standard Blowfish algorithm to secure your business data. This secure encryption technique has never been broken before. Our backup system automatically encrypts your backups with 448-bit military level encryption.

Your data is encrypted with your password before leaving your system. It is then transferred over the secure connection to our CloudBackup servers, where it is stored in its encrypted format.

Only you have the key to decrypt your data, no one at CloudBackup can access your files without it.

Technically speaking …

CloudBackup ensures security of backup data in the following ways:

Authenticated connection between client and the backup server. During the client-server connection initialization, the client and the backup server generates random private/public key pairs and based on these random key pairs, the authentication takes place with the client password (hashed and encrypted with the private key). The private keys are never sent out from the client or the server.

The backup data encryption password is hashed before sending it to the backup server. Also, CloudBackup uses its own protocol over raw TCP sockets over SSL for communication between the client and the backup server. The passwords are never transmitted in clear text. Even if the connection between the client and server is through raw TCP sockets (and not using SSL over TCP) the passwords can never be read as they are all hashed and sent.

In CloudBackup’s design the backup server never requires the encryption password at all. The hashed encryption password is sent just for the backup server to verify that the encryption password has not changed across different schedules for the backup. If it did, the backup server will not accept the backup as encryption passwords cannot change across schedules.

Therefore, even if the data is sniffed while in transition from the client to the backup server, the encryption password cannot be captured. Without the encryption password, the encrypted (BlowFish encrypted, up to 448 bit ) backup data cannot be decrypted. And same is the case with the authentication password used for connection between the client and the backup server.