Do you know what makes Datto Encryption So Secure?
Datto Encryption: What Kind of Encryption Does Datto Use?
For businesses that depend on Datto, downtime is simply not an option. But neither is data theft. That’s why Datto encryption technology offers the same (or arguably greater) level of security used by the National Security Agency (NSA) to protect top-secret government data.
So, how does Datto work when it comes to encryption? Let’s take a closer look.
Datto Encryption Explained
Datto uses AES 256 and SSL key-based encryption to secure all data during transmission and storage. That includes the data “at rest” in both local and cloud-based backups, as well as the data in transit to Datto’s data centers and back.
Datto encryption technology is employed on each Datto device. This creates an end-to-end solution that prevents data viewing, tampering or theft throughout the entire continuity process.
AES 256 is effectively unbreakable and widely considered the best solution for data encryption. (We’ll explain why in a moment.) AES 256 is certified by the NSA as the encryption used for all highly-sensitive government data.
What is AES 256, anyway?
If you’re new to data encryption, here’s a basic explainer. AES is short for Advanced Encryption Standard. 256 refers to the 256-bit key that is created when encrypting your data. When data is encrypted, it’s changed into an unreadable state, accessible only via this 256-bit key.
Think of this key like a locker combination. Except, in this case, the number of total possible combinations is astronomical. (Mathematically, it would be 2 to the 256th power. For perspective: 2 to the 33rd power would be nearly 8.59 billion combinations.)
Datto employees cannot view data
Your data cannot be viewed by Datto staff, even if they we wanted to. Furthermore, no human ever sees the master key that is used to encrypt data on Datto storage devices. That master key is only ever stored in an encrypted fashion.
Here’s a telling explanation from Datto: “[The master key] is completely random – not derived from a passphrase. When you enter your passphrase, your Datto device does some number crunching on that passphrase and some additional data to get a user key. That user key is used to decrypt an encrypted copy of the master key. This gives you the ability to change your passphrase without having to re-encrypt the entire dataset, and have multiple valid passwords per agent. The important thing to realize here is how vital your passphrase is to decrypting your data. Without it, the number crunching required to find your data is impossibly immense.”
The critical importance of encryption
A business continuity solution is worthless without uncompromising data protection. Datto lets you rapidly restore your data after a disaster, so that downtime is virtually zero. But more importantly, end-to-end Datto encryption ensures that the data you’ve backed up is always secure.
How secure are Datto’s data centers?
We’ve shown how data is AES 256-bit encrypted throughout the entire business continuity process, including synchronization, storage and replication. Simply put, your data is inaccessible. But for even more peace of mind, let’s look at the additional security measures in place at Datto’s fully redundant bicoastal data centers.
Datto’s data centers use numerous safeguards to track who’s coming and going, at all times. Datto utilizes Security Access and Control Systems (SACS), using global biometric authentication access methodology, to track all authenticated data center employees and prohibit the entry of any unauthorized personnel. Data centers are manned around the clock, 24 hours a day. Off-site, Critical Facilities Management Teams record and report all access and alarm information to ensure the most comprehensive security possible.