SaaS Backup Data Protection & Security Features

Protecting Customers’ Data is Our #1 Priority

Unitrends and Spanning Backup employ multiple layers of operational and physical security to ensure the integrity and safety of your SaaS backup data. The following security features apply to Microsoft 365 Backup, Google Workspace Backup and Salesforce Backup.

SOC 2 Compliance

Spanning Backup is SOC 2 Type II certified, a rigorous evaluation of repeatable internal operational and technical controls, information technology processes and trust service principles.

Application-Level Authorization

Spanning Backup accesses SaaS systems using application-level authorization via the OAuth 2.0 protocol rather than less secure service accounts and passwords.

Strong Encryption

Spanning Backup protects data at-rest with 256-bit AES object-level encryption with unique, randomly generated encryption keys for every single object with a rotating master key protecting the unique keys. All data in-transit is protected with Transport Layer Security (TLS) encryption.

Intrusion Detection

Spanning Backup systems constantly guard against intrusion with log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Compartmentalized Access

Access to production servers is granted only to named Spanning employees who meet and hold specific operational requirements. Changes to the production environment access control list are tracked and auditable.

HIPAA Compliance

Spanning Backup provides robust administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic protected health information. Our backup services have successfully completed the SSAE 16 SOC 2 Type II audit process. If you are interested in learning more, or require a Business Associate Agreement (BAA), please contact sales@unitrends.com.

Cloud Security Alliance Member

Spanning is a member of the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.

Skyhigh Enterprise-Ready

Spanning Backup has been awarded the Skyhigh CloudTrustTM rating of enterprise-ready. Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices and legal protection.

Third-Party Certifications and Audits

Spanning Backup operates within the Amazon Web Services cloud, which is ISO 27001 certified, has completed multiple SAS-70 Type II audits, and published as SOC 2 report under both the SSAE 18 and ISAE 3402 professional standards.

Confidential Security & Compliance Communications

Spanning is committed to the reporting of security and compliance issues. Further, in order to obtain objective feedback on potential issues, Spanning maintains a direct line of communication to the Principal Secuirty Manager (and Security Team) here. This serves as a mechanism to enable anonymous or confidential communication for critical and/or sensitive security vulnerability issues when normal channels are inoperative or ineffective.

Privacy & Security Certifications

Spanning Backup has also earned BBB EU PRIVACY SHIELD (covered under Kaseya US LLC), operated by the Council of Better Business Bureaus Privacy Certification and is certified under the US-EU and Swiss-US Privacy Shield. Spanning is compliant with the Regulation (EU) 2016/679 (General Data Protection Regulation). For more information about our compliance, please see Spanning’s GDPR page here. For our Data Protection Addendum, please reach out to your sales representative.