Security at Dropsuite

Take comfort in knowing that your data is always safe and secure.

Data Security at Dropsuite

Dropsuite is a leading cloud backup platform on a mission to ensure that businesses never lose data again. If a virus, hacker attack or accidental/malicious deletions occur, our customers can restore their mission-critical data such as email, websites or databases, in just a few clicks, keeping their business operation running smoothly. To be the platform of choice for data backup and protection, security is at the core of the product management and development process at Dropsuite.

MFA Application Security

Dropsuite supports multi-factor authentication (MFA) to provide partners with an extra layer of security to help safeguard end user customer data within Microsoft 365 and Google Workspace.

Traditional (conventional) password security offers a single layer of protection. Passwords are susceptible to being compromised through human error, coordinated cyber attacks and threat actors.

Multi-factor authentication provides an additional layer of security protection. After typing your password, multi-factor authentication software automatically contacts you via a secondary, trusted medium, such as your telephone number, and then requests a new form of verification. This second security perimeter significantly strengthens overall application security while reducing the likelihood of unauthorized access.

Dropsuite’s multi-factor authentication (MFA) provides partners and customers with an extra layer of security to help safeguard end user data within Microsoft Office 365 and Google Workspace. We’re proud to be a vendor that’s at the forefront of MSP security, providing MFA enhanced partner security protection for our cloud backup and archiving suite of solutions.

When you use Dropsuite Cloud Backup for Office 365, you access the Microsoft ecosystem by activating MFA. This powerful additional layer of security makes it almost impossible for hackers to compromise your administrator credentials, blocking a former entry point the bad guys had come to rely on. Since MFA blocks ~99.9 percent of account compromise attacks, your administrator passwords will be safe, and you’ll be able to continue doing what you do best: managing your business.

Data Encryption in Transit and at Rest

Dropsuite enhances security for our customers’ data by using Transport Layer Security (TLS 1.2) for data in transit. All ingress or egress data to and from Dropsuite’s cloud service is encrypted using TLS 1.2 to prevent third-party snooping. Data at rest in Dropsuite’s storage is encrypted with the Advanced Encryption Standard 256-bit (AES256) cipher.

Vulnerability Testing

Dropsuite engages independent/external entities to conduct regular application-level and infrastructure-level vulnerability tests. We also continue to scan and test the Dropsuite application internally on a regular basis, performing regular security patches or upgrades. Results of the external vulnerability testing and remediation are shared with the entire team, including management and the board of directors.

Personnel and Access Management

Personnel practices in Dropsuite apply to all employees who have direct access to Dropsuite’s internal information systems, Dropsuite’s cloud solution infrastructure and/or unescorted access to Dropsuite’s workspace. All those employees are required to understand and follow internal policies and standards.

The principle of no privilege is the default standard at Dropsuite. Employees and users in Dropsuite will only have access to what is needed, when it is needed.

Employees will only be granted access to internal systems based upon their work requirements. Requests for additional access follow a documented process and are approved by the responsible owner or manager. Furthermore, all employees sign a confidentiality agreement upon joining the company.

Security Management

All employees are required to complete privacy and security training annually. Individuals with elevated levels of access are required to take a biannual security certification with a private provider. Employees are required to report security and privacy issues to our Data Protection Officer. Employees are informed that failure to comply with acknowledged policies may result in consequences, up to and including termination.

System Monitoring

Dropsuite monitors and logs every server, router, system call, command procedure, etc. in our production environment. Logs are kept for as long as legally needed to ensure our systems are secure.

Data Protection Compliance

Dropsuite is committed to protecting the privacy and security of your data. We have a dedicated Data Protection Officer (DPO) who is responsible for ensuring that our products and services meet the highest standards of data security and compliance.

Our DPO works closely with our product and engineering teams to ensure that data security is built into our products from the ground up. We also have a comprehensive set of security controls in place to protect your data, including:

  • Data encryption
  • Access controls
  • Auditing and monitoring
  • Incident response

We have implemented a robust IT infrastructure designed and managed in alignment with industry best practices and a variety of recognized IT security standards. Our certifications and compliance efforts include:

  1. SOC 2 Type 2: Dropsuite has achieved SOC 2 Type 2 certification, which demonstrates our commitment to security, availability, processing integrity, confidentiality, and privacy of customer data.
  2. Cyber Essentials: We have obtained Cyber Essentials certification, signifying our adherence to essential cybersecurity practices and protection against common cyber threats.
  3. HIPAA: Our key developers hold HIPAA certification, ensuring their expertise in handling sensitive healthcare information and compliance with HIPAA regulations.
  4. NIST 800-53: Dropsuite diligently complies with the requirements outlined in NIST 800-53, a comprehensive security control framework established by the National Institute of Standards and Technology.

AWS US GovCloud

Dropsuite is committed to data security and compliance. We have established a separate environment in AWS GovCloud, a specialized region designed to meet the stringent security requirements of government agencies. While we are not specifically FedRAMP Moderate certified, we ensure compliance with applicable regulations and leverage the benefits of AWS GovCloud to collaborate effectively with government entities and pursue Authorization to Operate (ATO) certification.

AWS GovCloud provides a secure and isolated environment that aligns with government standards, including FedRAMP. By utilizing AWS GovCloud, Dropsuite can take advantage of the following:

  • Built-in security controls
  • Extensive monitoring capabilities
  • Compliance frameworks offered by the AWS platform

These benefits enhance our ability to meet the unique security needs of government agencies and work towards achieving ATO certification.

Dropsuite strives to maintain the highest level of security and compliance. However, it’s important to note that specific certifications like FedRAMP Moderate require a formal assessment and authorization process. By leveraging the capabilities of AWS GovCloud, Dropsuite can establish a secure foundation and collaborate closely with government agencies to fulfill the necessary requirements for ATO certification.

Data Center Security

Dropsuite data center security diagram.

Dropsuite understands the importance of data sovereignty to its international partners. To that end, Dropsuite offers data center support in multiple country-locations, allowing customers to store their data in the country of their choice. For example, Dropsuite offers AWS data center support in Canada, ensuring that Canadian customers’ data remains within Canadian borders and is subject to Canadian privacy laws, such as PIPEDA.