The Keepit cloud
Secure and vendor independent
The Keepit cloud is owned and run by Keepit. Our systems, our people, our standards. That’s how we guarantee that the backup data we store is fully isolated from your SaaS vendor's cloud, whether it’s Azure, AWS, G Cloud, or something else.
Keepit doesn't share infrastructure with any public cloud. In the event your SaaS provider’s cloud is down, your data would be inaccessible. But, with Keepit, your data will still be accessible since it’s backed-up on Keepit’s isolated, independent cloud.
To meet customer data sovereignty requirements, Keepit operates a cloud in multiple regions — currently Americas, Europe and Asia-Pacific, with data centers in USA, Canada, Australia, Germany, and Denmark.
Each cloud is run from data center locations provided by Keepit data center partners Equinix and Global Connect. Each of the data center regions are completely isolated from each other.
Data encryption in transit
Keepit employs encryption in transit using HTTPS secured with modern TLS when accessing your data through primary workload vendor APIs such as Microsoft Office 365, Salesforce, G Suite, and others. And as an additional physical layer of security, Keepit will typically exchange traffic directly with the workload providers over major internet exchanges, far from the prying eyes of the average Wi-Fi hotspot eavesdropper.
Once data reaches Keepit, it’s encrypted before being stored on our storage systems. For this purpose, we employ AES encryption directly on our storage systems. This is the same encryption algorithm that is used throughout industry. But as an additional physical layer, the storage media upon which your data resides is kept in two mirrored, physically secure data centers. Faulty media is destroyed, not sent back for repairs.
The Keepit architecture is centered around a multiple data center strategy for redundancy. Each one of our regions employs two regional data centers, each data center being a complete mirror of the other.
The two data centers operate in active-active mode, continually keeping data replicated between the centers. For this reason, any single system can fail without affecting the operation of the platform, and even a full site can fail without affecting the platform, as it has a separate, mirrored data center operating alongside it. This keeps your data reachable and available for restore even in the unlikely event of the loss of a full data center.
On top of this, all individual systems employ their own component level redundancy. Adding it all up, we keep an equivalent of two copies (or more) of your data in each of the two data centers, giving you the peace of mind that we have a total of four (or more) copies of all of your data, throughout your entire backup history.
Each software component of Keepit has been developed with scale and speed in mind. Below are some important points on the software stack:
- No single point of failure in the platform — any single system can be lost without affecting the operation
- Front-end nodes are the load balancers; front-end nodes can be added as needed to scale
- All internal components are simple single-purpose components
- All internal components can be scaled vertically and horizontally
- Any number of full platforms can be deployed for perfect isolation and scalability
- Each geographic location has two mirrored data centers
- Seamless scalability to millions of users
- Storage Islands support to facilitate complete knowledge of customer data location
- Multi-threaded processes to leverage easy scaling of each important workload. Adjustable down to tenant level
- Intelligent backup algorithm ensures maximum throughput
Ability to deploy multiple independent instances of Keepit for increased scalability
- Fully automated deployments encryption
Ready for tomorrow
- Not API first – API only
- One API – integrate once
- All features available as API endpoints
- Cloud backup SDK
- Licensing: license configuration, provisioning, and deactivation through API or Web UI
Keepit has been built to be tamper proof, offering a guarantee that data stays immutable. The application does not expose any APIs or other means that allow data overwrites. Furthermore, the application uses a blockchain algorithm which makes any low-level tampering impossible and easily evident. A given requested data object is unaltered from its original form.
In addition, Keepit features a deletion retention of all configured backup connections of at least one month, thereby completely protecting the customer from data loss due to ransomware attacks.
Data only leaves the platform when it falls outside of the customer-configured retention period.
In the event that the customer (or an attacker who successfully assumed the identity of the customer) deletes a workload from Keepit — or the entire account — data will remain untouched for a fixed retention period of your choice, or the default one month.
This additional precaution protects the customer from a ransomware attack (or worse) where the attacker would first seek to destroy backups before proceeding to encrypt or destroy the primary data.
Keepit meets demanding regulatory requirements. To ensure the highest operational security standards, Keepit holds the following certifications:
- ISO/IEC 27001:2013 certification for information security management systems. Read more about it. Entire company is ISO27001 certified
- ISAE 3402-II certification (audited by Deloitte annually)
Read our Online Terms of Service and our Data Processing Agreement to see exactly how we can help you with your compliance needs.
Keepit is proud to serve international customers across all industries and sectors including finance, healthcare, and government. They have all scrutinized and ultimately validated and accepted our solution. We are always here to help you meet your compliance requirements.