How eazyBackup is PIPEDA compliant

Data Security

Backing up:

eazyBackup always encrypts all user data before sending or storing it, using strong AES-256-CTR with Poly1305 in AEAD mode with high-entropy random keys. The user’s password is used to derive two 192-bit keys (the “L” and “R” keys) via PBKDF2-SHA512, with hard-coded parameters for repeatable output.

  • The L-key is used to log in to the Auth Role server in place of the real password; the server stores only a bcrypt(sha512) hash of this L-key.
  • The R-key never leaves the client, and is used to encrypt secret keys stored within the user’s profile on the server.

During rest:

When eazyBackup sets up a Storage Vault for the first time, it generates two high-entropy random keys (the 256-bit “A” and 128-bit “E” keys). All user data in the Storage Vault is stored encrypted with the A-key using AES-256 in CTR mode, and authenticated using Poly1305 in AEAD (encrypt-then-MAC) mode. The only party with the decryption key is your company/the backup user. This ensures total privacy of the PHI data.


Physical Security

eazyBackup is based in Saskatoon, SK and operates from Sasktel’s Tier III Data Centre, which is certified by the Uptime Institute.

The Data Centre is protected with 24/7 onsite bonded security personnel and CCTV cameras monitoring access and infrastructure.

Access to the Data Centre is governed by strict security policies. Access is controlled with biometric scanners  in conjunction with key-card access. Physical entry is electronically secured and physically monitored.

Power System

The facility is connected with two utility feeds from two separate transformers.

During an outage, redundant UPS and battery backup provide power until the redundant diesel generators start, providing ongoing power. In addition, the facility has a guaranteed fuel supply contract in place for the backup diesel generators.

Environmental & Safety

The facility adheres to ASHRAE 2011 Environmental Class A1 guidelines. Temperatures are carefully controlled and kept at a constant level.

Two-stage fire suppression system with cross-zoned detection. In addition, a separate fire detection mechanism constantly samples the air and acts in tandem with detectors mounted on the ceiling.