CloudAlly Security Overview

CloudAlly provides a secure online backup solution with internationally recognized accreditation for information security management.

ISO 27001 and HIPAA Compliant

CloudAlly is ISO 27001 certified which is an internationally recognized accreditation for information security management. We are also HIPAA compliant and can provide a BAA Agreement on request.

Cloud Security Alliance (CSA)

CloudAlly participates in the Cloud Security Alliance STAR (Security, Trust and Assurance Registry) program using CSA’s Cloud Controls Matrix (CCM). CCM is a framework of cloud-specific security controls ensuring that participating organisation adhere to leading industry standards, best practices and regulations.

Data Security and Encryption

All data is stored in Amazon S3 storage and encrypted using advanced AES-256 bit encryption algorithms. Transmitted data is encrypted and secured using SSL (HTTPS) enabled servers.

CloudAlly uses a unique encryption key for each customer, and the keys are securely stored. Use of a unique S3 folder for each customer ensures data isolation.

Additionally, every backup task has its own initial vector, which is stored securely and separately from the user key. This technique helps CloudAlly to encapsulate the users’ data.

Our servers are strongly secured, hardened and include the latest security patches. Only a very limited number of CloudAlly’s core team members have access to production keys.

User Credentials

CloudAlly uses industry standard OAuth for permission based access when possible, eliminating the need to enter or store user credentials on the CloudAlly system.

The OAuth “token” limits access to exactly what CloudAlly needs to do and doesn’t provide general access to your account. You can revoke authorization at any time.  If OAuth is not available for a specific service then credentials are stored using advanced AES-256 bit encryption algorithms.

Two-Factor Authentication

You can add Two-Factor authentication to your CloudAlly account for additional security from the Account Settings page using any industry standard authentication app.

Payment Processing

Payment processing, including credit card information, is hosted by our payment processor which is fully PCI compliant. No payment information is handled or stored on the CloudAlly system.

CloudAlly Website & Application

Our website has a Secure Security Authorization (HTPS) Certificate issued by GoDaddy, and our application was reviewed and verified secure by Microsoft,, Google and Amazon Web Services.

Data Access

Customer backup data is not accessible directly, it can only be accessed using the CloudAlly platform. CloudAlly backups can only be activated, deactivated or restored by the customer’s Data Administrator.

Internal CloudAlly staff do not have access to customer data, and only a limited number of core team members have access to production keys based on a “need to know” policy for problem resolution.

Data Retention

All backup data is retained as long as you maintain your CloudAlly subscription. If you choose to cancel your subscription, your data will be deleted from the CloudAlly archives within 2-weeks.

If you deactivate an individual user backup or database table/domain, that data will be deleted within 24 hours so we recommend downloading the data prior to de-activation if you want to retain the backed up data for local archiving.

Data Privacy

CloudAlly archives can optionally be stored in Amazon U.S., Canadian, European or Australian data centers as need for compliance with data privacy directives.

EU Data Protection Directive

EU Data Protection Directive and GDPR Compliance
CloudAlly is based in Israel, a country which was approved by the European Commission as a country providing “adequate protection” for personal data. EU General Data Protection Regulation (GDPR) replaced the existing EU Data Protection Directive and ensured standardization of data protection and privacy laws across Europe. CloudAlly is committed to ensuring that our services are compliant with GDPR, and will continue to provide GDPR information and updates as it relates to our service, in our blog and GDPR web page.

Partner Certification

CloudAlly is certified Microsoft Platform Ready and has been tested and verified secure by Amazon Web Services,, and G Suite.

Get Started Today

Sign up for a 15 days free trial (no credit card required)

APN Technology


  • ISO 27001 and HIPAA Compliant
  • Advanced AES-256 bit encryption
  • SSL (HTTPS) enabled servers
  • OAuth permission based access
  • PCI compliant payment processor
  • Certified by Microsoft,, Google and AWS

A 2013 report from The Aberdeen Group found that 32% of companies surveyed lost critical cloud data, and of these, 64% were due to users deleting or overwriting the data. Lack of adequate backup for is a massive exposure for SMBs and Enterprises.

Once the set up was done, which was painless it just runs and we forget about it. Response to any queries are quickly dealt with which is a breath of fresh air in today’s crowded work schedules.

Robert Middleton
TD Express