Dropsuite is a leading cloud backup platform on a mission to ensure that businesses never lose data again. If a virus, hacker attack or accidental/malicious deletions occur, our customers can restore their mission-critical data such as email, websites or databases, in just a few clicks, keeping their business operation running smoothly. To be the platform of choice for data backup and protection, security is at the core of the product management and development process at Dropsuite.
Data Encryption in Transit and at Rest
Dropsuite enhances data security for our customers’ data by enabling Transport Layer Security (TLS 1.2) cipher for data in transit. All ingress or egress data to and from Dropsuite’s cloud service will be encrypted using TLS 1.2 to prevent third party snooping.
Data at rest in Dropsuite’s storage is encrypted with Advanced Encryption Standard 256bit (AES256) cipher that ensures data is safe and secure.
Our IT infrastructure is designed and managed in alignment with security best practices and a variety of IT security standards, including:
- SOC 1, 2 and 3
- FISMA, DIACAP and FedRAMP
- DOD CSM Levels 1-5
- PCI DSS Level 1
- SO9001 / ISO27001
- FIPS 140-2
Dropsuite engages independent/external entities to conduct regular application-level and infrastructure-level vulnerability tests. We also continue to scan and test the Dropsuite application internally, and on a regular basis, preforming regular security patches or upgrades. Results of the external vulnerability testing and remediation are shared by the entire team including management and the board of directors.
Personnel and Access Management
Personnel practices in Dropsuite apply to all employees who have direct access to Dropsuite’s internal information systems, Dropsuite’s cloud solution infrastructure and/or unescorted access to Dropsuite’s workspace. All those employees are required to understand and follow internal policies and standards.
Principle of no privilege is a default standard in Dropsuite. Employees and users in Dropsuite will only have access to what is needed, when it is needed.
Employees will only be granted access to internal systems based upon their work requirements. Requests for additional access follows a documented process and are approved by the responsible owner or manager. Furthermore, all employees sign confidentiality agreement upon joining the company.
All employees are required to complete a privacy and security training annually. Individuals with elevated levels of access are required to take a biannual security certification with a private provider. Employees are required to report security and privacy issues to our Data Protection Officer. Employees are informed that failure to comply with acknowledged policies may result in consequences, up to and including termination.
Dropsuite monitors and logs every server, router, system call, command procedure.etc of our production environment. Logs are kept for as long as legally needed to ensure our systems are secure.
Data Protection Compliance
Dropsuite has proactively appointed its own Data Protector Officers (DPOs) that are trained in data privacy and data security to ensure legal compliance with various data protection laws. Our DPOs work closely with the product and engineering team to ensure legal compliance requirements are embedded into the development lifecycle of our products.