We encourage all users and teams to setup Two-Factor Authentication on their accounts to add another layer of account security. You can use Google Authenticator, 1Password or several other authentication apps and services.
When performing backups that require us to access a customer's server, we generate 4096-bit RSA keys. When you register for SnapShooter, we generate a new key. You can use this key for each backup, or generate new key pairs on demand. The private key is stored in our database using AES-256 encryption. When connecting to your server to perform a backup, the server establishing the outbound SSH connection is protected behind a NAT gateway and has no direct access to the internet (including inbound SSH.)
We Eat Our Own Dogfood
Yes, we take good care of your data, but we also take good care of our own data. Our services infrastrucure is hosted at Amazon Web Services, and SnapShooter staff do not have access to production services and databases.
The core of our system runs in the Ireland region with a multi AZ setup and N+2 fault torrance. We tighly control our external connection IP addresses to allow customers to whitelist view ssh whitelist SnapShooter services.