Data Protection Tool

Do you know what makes Datto Encryption So Secure?

Picture of Tracy Rock

Tracy Rock

Director of Marketing @ Invenio IT



Downtime and data loss threaten the long-term success of essentially every modern enterprise. That’s why Datto’s backup and restoration solutions are such an important part of business continuity and disaster recovery.

However, simply storing data isn’t enough. It’s equally important to protect it. Datto uses a sophisticated system of encryption that prevents outside parties from viewing or stealing data at every stage.

To fully appreciate the strength of Datto encryption, you will need to know exactly how it works. Examining all the parts of this process makes clear why Datto’s products offer the best possible security for your data.

What Is Encryption?

In order to understand Datto’s methods of encryption, it’s important to first consider the concept as a whole. Data encryption has existed for centuries, but the current interpretation involves the use of cybersecurity to protect data from attacks.

Businesses, government agencies, and private citizens store important information on their devices and in the cloud. This information, or data, can appear in two forms:

  • Plaintext: data that has not been encrypted and can be understood by humans
  • Ciphertext: text that is encrypted in a series of random letters and numbers that are incomprehensible to humans

The process of encryption changes plaintext into ciphertext so that it is protected from human eyes. Encryption is based on algorithms that essentially make it impossible for data to be read or interpreted without a decryption key. In order to become readable, the text must be decrypted, which returns it to the original form of plaintext.

The process of decryption relies on the use of a cryptographic key. These keys can be either:

  • Public: used only to encrypt data
  • Private: used for both encrypting and decrypting data

Private keys are referred to as symmetric because a single key is shared between two parties. In contrast, a public key is part of an asymmetric system because two separate keys are used for encryption and decryption. Organizations can opt to use either an asymmetric or symmetric system or a combination of the two, which is referred to as hybrid encryption.

Why Does Encryption Matter?

Encryption is part of an overall effort to protect data from being stolen or accessed by outside parties. The reality is that modern businesses simply cannot afford the cost of data theft or breaches.

A recent study conducted by IBM found that the average global cost of a data breach in 2022 was $4.35 million, and the average for businesses located within the United States is even higher. This causes significant damage to a large, financially stable business and can cripple or destroy smaller businesses. For some organizations, particularly those that are unprepared to recover from a cyberattack, a data breach can lead to bankruptcy.

Unfortunately, the idea of properly managing data security can be intimidating. The number of ways that cybercriminals try to access, steal, and destroy data is overwhelming. Some of the most prominent include ransomware and malware. Ransomware attacks, for example, surged by 105% in 2021.

Brute force attacks are also an increasingly prevalent problem. These attacks involve criminals attempting to crack passwords, login credentials, and encryption keys through trial and error, in the same way that you might try to guess the passcode to a friend’s phone. Although the premise is simple, the threat is severe. A 2020 report from Verizon revealed that over 80% of data breaches involve brute force or the use of stolen or lost credentials.

Data breaches have long-lasting and wide ranging effects, including:

  • Fines from regulatory agencies
  • Lawsuits by customers with affected data
  • Loss of customers and reputation

As a result of these widespread and ever-evolving threats, data security should be a core component of any business continuity and disaster recovery plan. Datto makes it possible for businesses to backup and restore data at any time, which shortens or eliminates downtime in the event of a disaster. However, Datto also ensures that all of the data that has been backed up or stored is secure via encryption, thereby keeping it safe from bad actors.

Effective encryption is a crucial step to help ensure that data is not accessed or viewed by an unauthorized user. Without it, data is incredibly susceptible to attacks during storage, transfer, and processing. For example, a complex system of encryption not only prevents but deters brute force attacks, which generally seek out the weakest and most profitable targets.

Without the capability for data restoration and data security, there is a significant risk that a business will experience one or more of these effects. Experiencing any one or more of them can ultimately cause a business to permanently close its doors, and encryption is at the heart of a successful data security strategy.

What Is Datto’s Encryption System?

Recognizing the importance of successful encryption, Datto has implemented a number of measures to maximize security. They use a system of end-to-end, AES 256 and SSL key-based encryption to secure data during transmission and storage.

End-to-End Encryption

One of the most important aspects of Datto’s data security is that it involves end-to-end encryption (E2EE). This protects data at rest and during transfer, which is typically when it is most vulnerable.

In an E2EE process, data is encrypted at both endpoints of the data transfer. In other words, it is encrypted on the device or system used by the sender and can only be decrypted by the intended recipient.

This is different from encryption in transit, in which the data is not encrypted at the endpoints. Instead, it is encrypted only during transit and does not offer security at every point of the transfer.

With E2EE, the cryptographic keys that are required for data to be read or interpreted are stored at the endpoints. This protects the data from being read or tampered with by multiple entities and intermediaries, such as:

  • Internet service providers
  • Application service providers
  • Hackers

Because it uses two keys, a public key for encryption and a private key for decryption, E2EE is an asymmetric system. In addition to its use by Datto, it is also popular with major messaging services, including Facebook, WhatsApp, and Zoom. Businesses are attracted to E2EE because it protects user privacy and helps comply with data privacy regulations and laws.

AES 256

Datto’s solutions rely on AES 256, which is the gold-standard in data security. AES 256 offers a level of protection that is unmatched. That’s why it is trusted not only by Datto but also by the highest levels of government, who use this kind of encryption for their most sensitive and highly-classified documents.

History of AES 256

AES stands for the Advanced Encryption Standard. It is the only publicly accessible cipher that is certified by the National Security Agency (NSA), which has deemed it appropriate for use by government agencies to protect top secret information.

The development of AES took place over a number of years and followed two decades of use of a similar system. It is the successor to the Data Encryption Standard (DES), an encryption algorithm employed by federal agencies from 1977 until the 1990s. DES was created by IBM with a 56-bit symmetric-key block cipher design, which was adequate for data protection for many years. However, as computational power grew, DES became insufficient to block brute-force attacks.

In 1997, a public competition was held to develop a new standard that would surpass DES. The winner, a program called Rjindael, was eventually chosen after rigorous testing.

The Rjindael algorithm was named after its creators, two Belgian cryptologists named Vincent Rijmen and Joan Daemen. In 2001, the National Institute of Standards and Technology (NIST) officially presented the AES, which is based on the Rijndael algorithm, as the new standard for encryption in the United States.

Why AES 256 Is So Secure

There are three varieties of AES: 128, 192, and 256. In each case, the number refers to the length of the key. A longer key is naturally more difficult to break, which makes AES 256 by far the most secure of the three options.

In fact, AES 256 is nearly unbreakable for modern computer systems. This is because, at 256 bits, the number of potential character combinations is so immense.

To better conceptualize the strength of AES 256, imagine that you are attempting to open a locker but can’t remember what numbers you need to enter. You could spend days attempting to guess the correct three-digit combination to unlock it.

Now, imagine that you are trying to guess 256 numbers or characters rather than 3. This would not require days, months, or even years, but rather billions of years of guesses.

In mathematical terms, the number of possible combinations is 2 to the 256th power. For perspective, consider that 2 to the 33rd power has nearly 8.59 billion possible combinations.

Cybercriminals have little interest in attempting to crack a 256-bit code. Therefore, in addition to being virtually impossible to break, AES 256 encryption acts as a deterrent for initiating an attack.

AES 256 Speed

This extraordinary level of security is not the only advantage of AES 256. It is not only essentially impenetrable but also does not bog down computer systems.

AES uses a symmetric key cipher, meaning that the same key is used for both encryption and decryption. Symmetric keys are generally faster and require less computational power than an asymmetric system. Thus, with AES 256, organizations can protect their most sensitive data without sacrificing system efficiency.

Who Has Access to Your Data?

You may be wondering what this means for your data when it is stored on a third-party device like Datto’s. If Datto employees are responsible for managing your data, you may be concerned that they will also be able to access and read it. Fortunately, this is not the case.

When your data is backed up on Datto devices, it is inaccessible to anyone aside from you. This includes Datto employees and any other intermediaries.

You can be assured that this privacy will be maintained because, along with your data, the master key to access it is also encrypted. This means that no human without the key can interpret the data during storage or transmission.

Datto developer Dan Fuhry emphasizes the importance of this point: “[The master key] is completely random – not derived from a passphrase. When you enter your passphrase, your Datto device does some number crunching on that passphrase and some additional data to get a user key. That user key is used to decrypt an encrypted copy of the master key.”

This process not only makes it impossible for unauthorized parties to view the data but also allows for flexibility in selecting and changing your passphrase: “This gives you the ability to change your passphrase without having to re-encrypt the entire dataset, and have multiple valid passwords per agent. The important thing to realize here is how vital your passphrase is to decrypting your data. Without it, the number crunching required to find your data is impossibly immense.”

In short, your data is at your disposal and no one else’s, including the employees at Datto.

How Secure Are Datto’s Data Centers?

When you trust Datto with your data storage needs, it is AES 256-bit encrypted throughout the entire business continuity process, including synchronization, storage, and replication. This renders it basically inaccessible to any unauthorized parties.

However, because the dangers of unauthorized data access are so extreme, it’s natural to still feel wary about the level of security provided for your data. To alleviate these concerns, Datto has additional security measures in place at its fully redundant bicoastal data centers.

Datto utilizes Security Access and Control Systems (SACS). These systems ensure that only authenticated users have access to information. Furthermore, these users can only access the data that has been authorized for their viewing.

The SACS at Datto use global biometric authentication access methodology to track all authenticated data center employees and prohibit the entry of any unauthorized personnel. Biometric authentication is especially secure because it relies on biological characteristics that are unique to each individual. These can include:

  • Fingerprints
  • Facial patterns
  • Voice patterns
  • Iris identification
  • Palm or finger vein patterns

In addition, Datto’s data centers have on-site security 24-hours a day to prevent physical access by any unauthorized parties. This is reinforced by off-site Critical Facilities Management Teams, who record and report all access and alarm information. In combination, this creates a comprehensive security system that complements the encryption technology that already protects your data.

Which Datto Products Have This Level of Security?

In short, every Datto solution offers an equal level of protection and security for your data. The distinction between them is not whether one is more secure, but rather which is more appropriate for the structure and size of your business.

For example, large businesses that regularly store and process a large volume of data will require a solution capable of managing it without losing stability. Smaller businesses, on the other hand, can use a product with a more limited data capacity that maintains the same features of security, backup, and restoration. Likewise, a business that relies heavily on software as a service (SaaS) for data storage can benefit from a product that is specifically designed to backup data stored in environments like Microsoft 365.

No matter which solution is most appropriate for your business, you can rest assured that you will have the same level of high-quality security. Encryption, as well as Datto’s additional security measures, will keep your data safe from loss and theft.

Learn More

Data security is a fundamental component of any business that wants to retain customers, comply with regulations, and maintain financial stability. It is vital to consider not only how your data is stored and backed up, but also how fully it is protected.

Using a data storage solution from Datto is a great way to protect your business from some of the greatest risks it faces in today’s technological landscape. To learn more about encryption, data security, and the solutions available from Datto, contact the team at Invenio IT.

Get More out of your Datto SIRIS with these expert best practices.
Invenio it logo

Join 23,000+ readers in the Data Protection Forum

Related Articles