Security and Compliance

Secure Tenancy​ and Secure Data Plane

Elastio offers multiple levels of security and compliance requirements while delivering access to our multi-tenant console. The options make use of a combination of AWS secure services and enterprise grade encryption to protect the control messages and meta-data sent between the Elastio cloud connector that resides in the AWS account and the AWS console. Commands from the tenant and meta-data about Elastio operation in your AWS account are always encrypted in transit, and your actual backup data never leaves your account and is not accessible by the cloud connector or personnel.

Service is entirely resident in the user’s AWS accounts

Elastio secures user data in the user account and data is never transferred to or accessible by Elastio. The data is encrypted at-rest using Amazon KMS keys and in-flight and can be air-gapped in a separate account for additional isolation.

Secure control path

Elastio uses a lightweight command-and-control channel between our SaaS and customer AWS accounts, built on AWS SQS queues and Lambda functions. The service requires access to certain AWS APIs, but this can be accomplished via PrivateLink if the VPC is isolated from the Internet. As part of our service deployment, the customer grants an Elastio controlled tenant-specific IAM role the permissions Elastio needs to deploy the service, read from these queues and invoke these lambdas. You can monitor the activity on these resources, and can be assured that only the specific operations granted to our IAM role will be performed. There is never an IP network link between Elastio and customer’s VPCs; all communication is via SQS messages and Lambda invocations.

Control messages and data encryption

We enable S3 server-side-encryption (SSE) as an additional layer of protection. All backup data is encrypted with a unique AES key per asset, on the client side, before being uploaded to S3. These keys are in turn protected by a per-vault KMS key, so only IAM roles with permission to access the KMS key are able to decrypt data in the vault.

Because we use a unique AES key per asset, even a malicious client cannot use knowledge of one of these encryption keys to access backup data from another asset, because the other asset uses a different key.

Elastio service network isolation

Our service is self-sufficient and does not depend on the tenant to perform backups and restores of any type, ransomware and malware scanning and backup scheduling. This means an Elastio SaaS outage doesn’t stop scheduled backups from taking place, ransomware and malware scans and doesn’t prevent customers from restoring from backups.

Certifications

Penetration Testing

The Elastio Platform regularly undergoes penetration testing the results of which can be made available upon request and under NDA.

Elastio Data Subprocessors

Name Purpose Entity Country
Intercom Support, informational emails US
Amazon Web Services Cloud service provider US
Hubspot Marketing emails US
Sendgrid Transactional emails and alerts US
Stripe Self-serve account billing US
Full Story Digital experience monitoring US
Auth0 User management US
Mailgun Email service US
Scroll to Top