Protect your business with enterprise-grade security features, tools, certifications, and growing layers of protection.
Adding Backblaze to our infrastructure allowed us to satisfy our insurance carrier’s requirements. We could prove that we’re maintaining immutable backups on third-party servers located across the country that comply with industry standards for data security.
Data is encrypted on your computer, during transmission, and while stored. Block unauthorized users from accessing your data by using a Personal Encryption Key (PEK), or use a 2048-bit public/private key to secure a symmetric AES-128 key. Data is transferred via HTTPS using a strong protocol, key exchange, and a cipher. Enhance your protection with two-factor verification via a TOTP (Time-based One-Time Password).
All files can be encrypted with server-side encryption (SSE) before they are stored. Backblaze offers two options for SSE: Server-Side Encryption with Backblaze Managed Keys (SSE-B2) or Server-Side Encryption with Customer Managed Keys (SSE-C). Both options use an extensively tested and widely trusted block cipher, the Advanced Encryption Standard with 256-bit keys (AES-256), to encrypt the data at rest.
Object Lock uses a write once, read many (WORM) model to prevent files from being deleted during a customer-determined retention period. This immutability protects data from modification, manipulation, or deletion, including by ransomware. Object Lock protection means no one can edit or delete your files. Object Lock Legal Hold offers the same immutability when the time horizon is unknown or timing flexibility is needed.
Backblaze supports automatic replication of data from one bucket to another per rules you set. This can help you achieve your data availability and/or redundancy requirements, with data safely stored in multiple regions in the event you experience ransomware attacks, employee errors, or cyber attacks. Quickly set rules to automatically copy data across the country or around the world. This helps ensure that data is always available and up to date.
Backblaze B2 supports the standard CORS mechanism to allow customers to share the content of their buckets with web pages hosted outside of Backblaze B2. With CORS, before making a non-simple cross-origin request, a browser makes a "preflight" request to ask the server if it's okay to make the cross-origin request. By default, the Backblaze B2 servers will say "no" to preflight requests. Adding CORS rules to your bucket tells Backblaze B2 which preflight requests to approve.
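A simplified model of the preflight decision described above, as an added example that is not Backblaze code. It shows when a browser sends a preflight and how a default-deny rule list answers it. The rule fields `allowedOrigins`, `allowedMethods` and `allowedHeaders` and the sample origin are assumptions for illustration, not the B2 rule schema.

```javascript
// Added example: simplified model of CORS preflight handling, not Backblaze B2 code.
// Rule field names (allowedOrigins, allowedMethods, allowedHeaders) are hypothetical.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Browser side: true when a preflight (OPTIONS) must precede the real request.
function needsPreflight(method, headers = {}) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(n)) return true;
    if (n === "content-type" &&
        !SIMPLE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase())) return true;
  }
  return false;
}

// Server side: approve only if one rule covers the origin, the method and every
// requested header. An empty rule list denies everything (the default).
function evaluatePreflight(rules, { origin, method, requestHeaders = [] }) {
  const wanted = requestHeaders.map((h) => h.toLowerCase());
  for (const rule of rules) {
    const originOk = rule.allowedOrigins.includes("*") || rule.allowedOrigins.includes(origin);
    const methodOk = rule.allowedMethods.includes(method.toUpperCase());
    const allowed = rule.allowedHeaders.map((h) => h.toLowerCase());
    const headersOk = wanted.every((h) => allowed.includes("*") || allowed.includes(h));
    if (originOk && methodOk && headersOk) {
      return {
        approved: true,
        responseHeaders: {
          "Access-Control-Allow-Origin": origin,
          "Access-Control-Allow-Methods": method.toUpperCase(),
          "Access-Control-Allow-Headers": wanted.join(", "),
        },
      };
    }
  }
  return { approved: false, responseHeaders: {} };
}

// Constructed sample rule: one site may read and upload with two request headers.
const sampleRules = [{
  allowedOrigins: ["https://app.example.com"],
  allowedMethods: ["GET", "PUT"],
  allowedHeaders: ["authorization", "content-type"],
}];
```

When reviewing real bucket rules, a `*` in the origin list is the entry to question first, since it approves preflights from any site.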
Control and monitor usage and access for all accounts with fine-grained API key control. Flexible access control settings require account authentication/verification prior to accessing data, including single sign-on via G Workspace or Office 365 and two-factor verification for all users. All data in Backblaze cloud storage (buckets, objects, and related subresources) is private and can only be accessed after account authentication.
Backblaze, and our data centers, have received SOC 2 Type 2 certification by an independent third-party auditing firm which affirms that our cloud storage platform, policies, and procedures follow best practices in securing customer data and account information. Eligible customers and prospects can contact Backblaze Sales to request a copy of the SOC 2 Type 2 report.
Our purpose-built architecture, based on the Backblaze Storage Pod, is designed from the ground up to keep your data safe and secure. Backblaze Vaults and Backblaze Reed-Solomon Encoding create a durable-by-design system so you can trust that your data is safe. Additionally, our architecture provides enterprise-grade security with 11 nines durability.
Our physical facilities have best-in-class security features—such as biometric security, photo-ID checks, staffed 24/7/365, and area locks—to keep your data safe. Our data centers have BAAs for covered entities (HIPAA) to assist with compliance compatibility. Additionally, our US East Region is HIPAA/HITECH compliant as well as third-party NIST 800-53 attested.
Server-side encryption protects your data by encrypting it at rest before it is stored on disk within the Backblaze B2 storage cloud. It can be turned on for use with new and existing buckets, via API or web UI. You can choose SSE-B2 if you wish for Backblaze to manage encryption keys, or SSE-C if you wish to self-manage encryption keys.
We know privacy is important to you. It’s important to us, too. The Backblaze Privacy Notice describes how we collect and use your personal information, what we do with the information collected, and how you can exercise your privacy rights.
When you upload data to B2 Cloud Storage, your data is stored on a Backblaze Vault. Each file you upload is stored redundantly across multiple drives, in multiple servers, in multiple locations in our data center. For more details, see our blog post on Backblaze Vaults. If you wish to store data to multiple regions given your redundancy requirements, we recommend you consider the use of Cloud Replication to support doing so automatically.
Yes, PEK is available for all users. With a PEK, Backblaze cannot access your data, even in the case of a lost or forgotten password, subpoena, or any other event.