14188: Acronis Cloud security and privacy

Last update: 30-09-2021

Security

  • Information security program

Acronis maintains a comprehensive information security and compliance program that includes administrative, physical, and technical controls based on ongoing risk assessment. Our information security policies and processes are based on broadly accepted international security standards, such as ISO 27001 and NIST.
 

  • Access control

Acronis has implemented an enterprise-wide access control policy to restrict access to information resources and data in accordance with official duties. Access provisioning is based on the «Need to Know» and «Least Privileges» principles.

Internal access control procedures detect and prevent unauthorized access to Acronis systems and information resources. When providing access, Acronis uses centralized access control systems with secure mechanisms and authentication protocols (LDAP, Kerberos, SSH certificates), unique user IDs, strong passwords, two-factor authentication mechanisms, and limited control access lists to minimize the likelihood of unauthorized access.
 

  • Infrastructure security and availability

Acronis continuously monitors the security of its entire IT infrastructure to protect against advanced persistent threats and cyber-attacks. Acronis controls and monitors its boundary, DMZ networks, VPN and remote connections, and internal flows. Acronis utilizes automated tools in conjunction with organizational controls to guard against human interventions. 

Ensuring that your organization's mission-critical data has one of the highest levels of availability, leveraging data centers that provide redundant HVAC, network and UPS systems. Acronis follows the approach of Need Plus Two (N+2) for greater redundancy. If there is a failure in a hardware-layer component, it will not affect Acronis' critical infrastructure or Acronis customers. Acronis stores customers data employing its own software-defined storage solution, Acronis Cyber Infrastructure with Acronis CloudRAID technology. Acronis Cyber Infrastructure delivers fast, universal, protected, efficient and proven storage that unites block, file and object workloads. 

Equipped with UPS and backup diesel-generators, Acronis data centers can provide a continuous supply of electricity through undefined power outages of up to 48 hours. HVAC, fire detection and suppression systems, alarms and monitoring by surveillance cameras (CCTV) allow Acronis to provide reliable infrastructure.

 

  • Data security

Acronis Cyber Cloud environment is a multi-tenant environment, so the architecture of our cloud services provides physical and logical isolation and separation of customers' data to ensure processing of the minimum amount of data in accordance with the stated processing purposes.

The managed network equipment separates and isolates internal, external and customers' environments and provides routing and filtering of network protocols and packets.

Acronis provides real-time encryption for all data transferred. Acronis ulilizes secure data transfer protocols (HTTPS, TLS, SSH, OpenVPN and etc.) with crypto-strong encryption algorithms and provides security of cryptographic key exchange (Diffie-Hellman, RSA) to protect the transmitted data and reduce the risks of unauthorized access to the transmitted data and compromised key information. 

All Acronis Cloud Storages are encrypted at rest by a government Advanced Encryption Standard (AES) algorithm with 256-bit key. Acronis software allows one to protect the content of Acronis Cloud additionally from user-side.You can enable encryption in your protection plan or as a machine property (for Acronis Cyber Backup and Cyber Protect) or specify the type of encryption that should be used to encrypt files stored in the virtual file system's repository (for Acronis Cyber Files). The default is again AES-256. Please note that recovering a lost user-defined password is not possible by any means. There is no way to recover encrypted backups if you lose or forget the password.
 

  • Physical security

Data centers are physically defended 24/7 by security personnel, high fences and video surveillance, while on-site entry requires biometric and key card access. Strict access control measures ensure that only authorized personnel have access to the data center.

Privacy

Acronis privacy statement is available at http://www.acronis.com/company/privacy.html
 

Tags: