Generic Backupify
April 02, 2015
Cloud-to-Cloud BackupCybersecurity

Evaluating Cloud-to-Cloud Backup Solutions: Rethink Security and Oversight

First and foremost – the cloud to cloud backup vendor that you (eventually) choose will be holding a second copy of your company’s data which means any assurance that the vendor itself is respecting security best practices is to your advantage.

Any SaaS vendors (cloud to cloud backup providers included) should have a documented security policy that the company can provide you, in writing, at any time. The policy should include specific practices around these key areas:

  • Physical hardware security
  • Security update frequency
  • Audit frequency
  • Policy for notification of breaches
  • User password strength requirements

Security Audit

Ideally, an auditing body will have verified that the vendor is in fact complying with its stated security policies. A SOC 2-level audit (or higher), or ISO 27001, are baseline audit standards you should be looking for.

Third-Party Penetration Testing

A company may rigorously abide by its security policies, but if those policies are inadequate, slavish devotion is a hindrance, not an asset. The best way to ensure a security policy is actually effective is to conduct a penetration test (also known as a “pen test”) wherein a third-party security firm actively attempts to breach the vendor’s defenses in order to assess weaknesses. Reputable SaaS backup companies will conduct regular pen tests and share the general results with customers upon request. (No company will share specific pen test results, as sharing explicit details of security systems could actually harm the vendor’s security.)

Relevant Regulatory Compliance

In addition to the above, your SaaS backup vendor should be able to explicitly address if and how it complies with the requirements of several regulatory standards, including:

  • HIPAA (Healthcare)
  • PCI (Financial transactions)
  • Sarbanes-Oxley (Publicly traded company)
  • Data Protection Act (U.K. data privacy compliance)
  • Safe Harbor (E.U. data privacy compliance)

Security and compliance should be key criteria as you evaluate cloud to cloud backup solutions but there are other key areas you should consider. For more information on what to specifically look for in a cloud to cloud backup vendor, download the complimentary eBook below.


SaaS Data Under Siege: Ransomware’s Rising Threat

Your cloud data could be just as vulnerable to the next wave of cyberattacks as data hosted on-premises

Office 365 logo

Secure Office 365 data protection. Backupify delivers fast recovery of Exchange, OneDrive, SharePoint Online, Calendar, Contacts and Microsoft Teams data.


Office 365 logo

Google Vault alone does not ensure your G Suite data is recoverable. Quickly restore lost data from Gmail, Calendars & Contacts, Drive and Shared Drives with Backupify.


See Why Backupify Wins SaaS Backup