Secure Bank Grade Encryption
Secure Bank-Grade Encryption (and Lots of Other Reasons to Feel Secure)
Let's Start with Reason #1: Bank Grade Encryption
Your files are protected using 448 bit Blowfish Encryption before they leave your PC. This extremely secure “bank grade” encryption algorithm has never been cracked.
That's right—we said never.
Your files are then stored in this encrypted state at our secure data center.
Further Protection with Individual Data Security
With Data Deposit Box, each user gets their own individual account and password. This is significant because it means that each user also gets a unique encryption key. This encryption key ensures that, while your data is securely stored at our data center, only you have access to your data. In fact, even our most privileged systems administrators do not have the ability to decrypt your data.
Password Security That is Second To None
Great lengths are taken in our system to ensure your password remains a secret. A few examples:
- your password security practices have been modeled after premier online banking web sites
- your password is encrypted before it is stored in our database. At no point is an administrator able to retrieve your password. Nor does an administrator have the ability to set your password to a known value
- when you activate your account, you are required to choose a password and set up a security question. If you forget your password, or repeatedly try to log in with an incorrect password, the system will lock you out after a few attempts. You may then reset your password by correctly answering your security question.
- if you incorrectly answer your security question, you are again locked out after a few attempts. In the unlikely event that you forget your password and the answer to your security question, you must contact Data Deposit Box directly for manual identity verification.
Our Secure Data Center
Your data is securely stored in our Carrier Grade data center. Our all Cisco based switched network employs redundant Internet providers, redundant routers, and redundant firewalls. We use BGP and HSRP protocols to implement fail-over and redundancy.
What does all that mean? Well, here's one example:
Our data center was up and running throughout the big blackout of August 2003
Need more convincing?
We use only Carrier Grade computer hardware from major manufacturers to store your data. There are no “clones” in our data center. All systems operate on redundant power. Servers have dual power supplies fed from separate electrical panels. The facility includes triple redundant diesel generators, dual redundant UPSs, the latest fire suppression equipment, and 24 hour guards on-site.
When your data is stored on our servers, it is written to RAID 5 disk arrays (including hot spare drives). Each storage server is then replicated in real time to a second storage server for backup. Every precaution is taken to protect the integrity of your data.
In other words—words you can understand—there are two key things to know about our Data Center: your data is safe from crashes; your data is safe from hackers.
Still More Reasons to Trust Data Deposit Box
End-to-End Verification
As each file is transferred to our data center, we carefully verify its integrity against a known CRC signature. Files are re-verified each time they are written to disk. If any file fails verification, it is retransmitted from your PC or recovered from the replica server. This ensures that the data stored on our servers is the same data that was stored on your PC.
Secure Protocol
The Data Deposit Box client communicates with our servers over a proprietary protocol that was designed specifically for Internet backup. Other Internet backup products that use popular web protocols like HTTP, FTP, or WebDav can be vulnerable to hacker and virus attacks. The extreme popularity of these protocols makes them a target. It is extremely unlikely that a hacker is going to invest the time and effort to go after a proprietary protocol. Even if they did, the 448 bit Blowfish Encryption has never been broken.
Firewalls
To maximize compatibility with home and corporate firewalls, the protocol used by our Backup Client was designed to look to a firewall just like the SSL protocol used in web browsers. This means that if you are able to surf to our web site, you will be able to connect with our backup software.
Specifically, our backup client runs on port 443 and mimics SSL's handshaking protocol. Almost all firewalls will pass our backup traffic without reconfiguration. We also support the use of proxy servers. Our web browser interface also uses generic HTTP and HTTPS on ports 80 and 443.
Corporate Remote Access Policy
Many organizations have a policy to control access to their data from outside of the organization. VPNs and Firewalls are generally used to control this, but become ineffective when the data is stored off-site. The same features that empower a laptop user to backup and restore his or her data while on the road may violate corporate information policy.
Data Deposit Box includes the ability to restrict data access to only specific IP addresses. A Corporate Administrator can define the IP address ranges of their firewalls and access points. Once the definitions are in place, users can only access the data from the allowed locations.
As We Said, Security That's Second To None
In fact, if you consider the risks to which your data could be exposed on your computer—everything from hardware damage to hackers—it's not hard to see that your valuable data is actually better protected by the multiple levels of security and safeguards listed above.
