Security by design

We protect your DevOps ecosystem against data loss & cyber threats and securely manage your organization's data to keep it private.

SOC2 Type II compliant ISO27001 compliant GDPR compliant AES 256 encryption with your key
Security by design

Custom Global Data Residency

By default, you can choose between data residency in the US, EU and Australia. Specific location needs? Let's customize!

Contact us
Hassle-free Azure DevOps backup process

Security Portal

SOC 2 Type II, ISO27K, GDPR… but above all DNA - that's what security means for us. Check our security practices and features that will facilitate your own regulations, certification processes, and procedures.

Trusted by the world's best companies

nhs
wharton
hema
gladstone
california
argentina
ninetyone
zoop
red
turntide
mobica
red5

Multi-level security mechanisms

Product security
features

We do not provide you only a DevOps backup solution. With our secure and safe technology, we guarantee you peace of mind in every situation.

  • In-flight & at rest encryption

    we encrypt your data in-flight before it even leaves your physical machine, so it’s protected either during backup execution or at rest in the repository.

  • SAML integration

    authenticate users through your Identity Provider with SAML standard to have full control over access and security and meet your procedures. Use your Azure Active Directory, Okta, CyberArk, Oauth, OneLogin, and more IdP’s we support.

  • SOC2 Type II compliance

    Your guarantee that we have implemented appropriate security measures and controls in terms of data security, availability, processing integrity, confidentiality, and privacy. Thus, we not only manage your data in compliance with top security standards but facilitate your own journey to certifications.

  • ISO 27001 compliance

    GitProtect is the only one DevOps backup with an ISO27K certificate. It assures you that our organization follows a comprehensive framework to maintain and develop a secure Information Security Management System and is prepared to react appropriately in the event of threats.

  • Ransomware protection

    immutable storage, non-executable data format, replication, compression, considered unbreakable encryption, and more. Our one-of-a-kind Ransomware Protection technologies provide multiple layers of immutability, limiting both the negative effects of ransomware and the potential spread of threats in storage.

Encryption strength

Forces the AES algorithm to work in OFB (OUTPUT FEEDBACK) mode with an encryption key of 128 bits.

as in the case of 'Low' encryption strength, the AES algorithm is run in OFB mode, but the key used is the encryptor is twice as long - it consists of 256 bits.

with this option selected, AES will work in CBC (CIPHER-BLOCK CHAINING) mode, and the encryption key is 256 bits long.

GitProtect.io powered by Xopero ONE uses Advanced Encryption Standard (AES) algorithm to encrypt data. AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is considered unbreakable and is widely used by many governments and organizations.

Within GitProtect.io the user must provide a string of characters on the basis of which the encryption key will be built. This string is later saved in Secure Password Manager.

Storage & infrastructure
security

GitProtect.io powered by Xopero ONE only relies on secure and compliant data center providers. Our customers’ data are stored in USA-based or EU-based best-in-class data centers, compliant with stringent security guidelines which offer 24x7 tech and network support. Independent third-party auditors certify that systems and processes comply with all the latest industry standards. Standards and certifications include:

  • ISO 27001

    is the international security standard used to benchmark the protection of sensitive data. It encompassed organizational security policies, personnel security, physical and environmental security, systems and network security, and business continuity management.

  • EN 50600

    is the first European-wide, a transnational standard that provides comprehensive specifications for the planning, construction, and operation of a data center with a holistic approach.

  • EN 1047-2 standard

    describes an extensive test method for external fire exposure. It determines the protection of temperature- and moisture-sensitive data carriers and hardware systems in data rooms as well as containers.

  • SOC 2 Type II

    report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating.

  • SOC 3

    is a public report of internal controls over security, availability, processing integrity, and confidentiality.

  • FISMA compliance

    is data security guidelines set by FISMA andNational Institute of Standards and Technology (NIST). NIST is responsible for maintaining and updating the compliance documents as directed by FISMA.

  • DOD standard

    refers to the compliance with all guidelines and regulations established by the American Department of Defense (DOD).

  • DCID

    is a compliance with the Director of Central Intelligence Directive and it refers to security practices used to protect highly classified intelligence information systems.

  • HIPAA

    compliance refers to a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI).

  • Other certifications:

    PCI-DSS Level 1and PCI DSS compliant, ISO 50001, LEED Gold Certified, SSAE 16 compliant.

Data centers security

Our data center providers meet the highest standards of physical security to restrict unauthorized physical access and protect the safety of our customer data. Only authorized personnel have access to the data centers, based on 2FA, 24/7 monitoring by surveillance cameras, and strict access management - pre-authorized visitors only.

Focus security measures

  • External Perimeter fence with 24x7 CCTV monitoring and guard patrols
  • Footage stored for 30 days
  • Man traps to data hall
  • 2 factor authentication (biometric/ card)
  • Pre-authorized visitors only
  • Visitor logs are kept for one year

Fire protection and suppression

  • 24×7 decentralized monitoring of M&E plant room&redundant systems
  • Gaseous fire suppression and dry-pipe pre-action sprinklers
  • Very Early Smoke Detection Apparatus (VESDA)
  • Sub-raised floor water detection system installed around CRAC units and along the perimeter of the room
  • FM200 fire suppression
  • Doors and partitions are minimally 2-hours rated
aicpa-soc-2 hipaa iso-27001 fisma pci-dss aicpa-soc

GitProtect.io by Xopero ONE and the GDPR

The protection of personal data is very important to us - both in terms of data protection of our clients (as an administrator) and data stored by customers as part of backups (as a processor).

To provide our clients with the highest level of protection, we have implemented a number of tools to protect personal data, fully compliant with the high requirements of Regulation (Eu) 2016/679 Of The European Parliament And Of The Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC General Data Protection Regulation (GDPR).

Learn more

Learn DevOps backup best practices

github-big

GitHub Backup Best Practices

Read more
github-1

Infamous GitHub-related Incidents And Threats: 2023 in Review

January 5, 2024 Read more
github-2

GitHub Security Best Practices – 15 Tips To Keep In Mind

February 28, 2023 Read more
github-3

Implementing A Repository And Metadata Backup Software For The Enterprise – A Case Study

October 27, 2023 Read more
bitbucket-big

Bitbucket Backup Best Practices

Read more
bitbucket-1

Atlassian security incidents: 2023 in Review

January 8, 2024 Read more
bitbucket-2

Atlassian Security Best Practices

February 16, 2023 Read more
bitbucket-3

Disaster Recovery: Bitbucket Ecosystem – What Are The Best Scenarios & Use Cases

August 2, 2023 Read more
gitlab-big

GitLab Backup And Restore Best Practices [Step-by-step tutorial]

Read more
gitlab-1

GitLab Vulnerabilities And Security Incidents: 2023 In Review

January 10, 2024 Read more
gitlab-2

GitLab Restore And Disaster Recovery – How To Eliminate Data Loss

April 5, 2023 Read more
gitlab-3

GitLab Backup to S3

September 12, 2022 Read more