We use Azure's Storage Blobs service for securely storing backups which are encrypted at rest.
Compliance details can be found at Microsoft Azure compliance. In summary, the storage platform is ISO 27001, ISO 27017 and ISO 27018 compliant.
Firewalls are set to default-deny. The only accessible services are web services (web servers only, over port 80, redirected to SSL on 443) and the messaging service (TLS over TCP 5671).
In-depth information on our SSL implementation is available via this Qualys SSL Report on DBeeKeeper.
Access to servers (where allowed) is restricted by IP address and by employee.
We strive to keep all server software on the latest version; however, when that's not possible we ensure that the latest security patches are installed and up to date. This is reviewed monthly (patches are often installed as soon as they come out).
DBeeKeeper has been written using common libraries to protect against SQL injection, XSS vulnerabilities, and other common exploits. As part of our build process we scan our application using static analysis against the OWASP Top 10, the SANS/CWE Top 25 and other common insecure coding patterns.
All of the stored backups are encrypted at rest. Additionally, access keys required to generate SAS (Shared Access Signature) tokens are rotated every 6 hours.
All access to your dashboard is always over a secure (SSL encrypted) connection.
We use generated (fake) customer data for these environments.
Some data that users delete is soft deleted and can be recovered (in case a user deletes something by mistake) within 30 days. After 30 days, that data is hard deleted and can only be recovered via full backup for another 30 days.