Your SaaS data, backed up and secured
Your valuable SaaS data is only as secure as its backup. Which is why it is critical to ensure that your backup solution is dependably secure.
OpenText (Cloudally) has been successfully backing up Microsoft365 for more than 15 years. Security has been in our DNA since we pioneered SaaS backup in 2011. We’re fanatical about security for all our backup solutions for Microsoft 365 (Office 365), Google Workspace, Salesforce, Dropbox, and Box. We have internationally recognized accreditation, stringent application security, and rigorous data protection. We continue to strive beyond the required compliance standards to achieve best-in-class security.
Stringently compliant
ISO 27001 certified
OpenText (Cloudally) is ISO 27001 certified which is an internationally recognized accreditation for information security management.
HIPAA compliant and member of the Cloud Security Alliance (CSA)
OpenText Cloudally Backup solutions are HIPAA compliant and we can provide a BAA Agreement on request. We also participate in the Cloud Security Alliance STAR (Security, Trust and Assurance Registry) program using CSA’s Cloud Controls Matrix (CCM).
GDPR compliant
We’re committed to ensuring that our backup tools are compliant with GDPR requirements. We adhere to strict data sovereignty, data security, and data processing requirements, among others.
Data centers in the US, EU, UK or APAC
Adhere to local regulatory requirements with your choice of data centers across the US, Canada, Europe (France, Germany, and Ireland), the UK, Africa (South Africa) and Asia Pacific (Australia and Japan). Or backup to your own storage with Bring Your Own Storage (BYOS) support.
Best-in-class application security and access
Reliable Amazon hosting
OpenText (Cloudally) backup solutions are hosted on Amazon Web Services (AWS) S3 data storage, the leading cloud storage provider, which means that we’ve built on a foundation of reliable security right from the beginning. This also ensures high availability during MS 365, Google Workspace, Salesforce, Box, and/or Dropbox downtime
Secure MFA/2FA authentication and SAML-Okta integration
Our solutions implement application security best practices, such as two factor authentication (2FA), robust password protection, password and access key rotation, and vulnerability and patch management. We also support Okta and OAuth integration.
Intrusion detection and IP restriction
Virtual private cloud, identity and access management, stateful and stateless firewalls, application-level firewalls, and intrusion detection further strengthen the security of our solutions.
Get multi-admin support with fine-grained access management per admin. Prevent unauthorized access with IP restriction support.
Certified by Google, GoDaddy, and others...
Our websites have Secure Security Authorization (HTTPS) SSL Certificates issued by GoDaddy. We’re certified by solution providers such as Google Workspace formerly known as G Suite, and others.
Rigorous data protection
All data is stored in Amazon S3 storage and encrypted using advanced AES 256-bit encryption algorithms. Transmitted data is encrypted and secured using SSL-enabled servers (HTTPS).
Our servers are strongly secured, hardened and include the latest security patches. All end-user sessions and interactions with the OpenText Cloudally Backup solution use SSL/HTTPS.
Comply with data regulations, with support for Salesforce data anonymization for sandbox seeding.
OpenText Cloudally Backup solutions use a unique encryption key for each customer, and the keys are securely stored. Use of a unique S3 folder for each customer ensures data isolation. Additionally, every backup task has its own initial vector stored securely and separately from the user key. This technique helps to encapsulate the users’ data.
Immutable storage: Our object-lock capability further minimizes the possibility of accidental or malicious data loss.
OpenText Cloudally Backup solutions use industry-standard Oauth for permission-based access when possible, eliminating the need to enter or store user credentials on the Cloudally system. The OAuth “token” limits access to precisely what Cloudally needs to do and doesn’t provide general access to your account. You can revoke authorization at any time.
We also support SAML authentication via the leading industry provider Okta in addition to OAuth for secure authentication.
Customers have complete control of data
Admin-controlled backups
Customer backup data is not accessible directly, it can only be accessed using the OpenText (Cloudally) platform. The OpenText (Cloudally) backups can only be activated, deactivated or restored by the customer’s data administrator.
Internal OpenText (Cloudally) staff do not have access to customer data, and only a limited number of core team members have access to production keys based on a “need to know” policy for problem resolution, and all access is logged in the audit log.
No data retention after deletion
All backup data is retained as long as you maintain your OpenText Cloudally Backup subscription. If you choose to cancel your subscription, your data will be deleted from the archives within 5 days. If you deactivate an individual user backup or database table/domain, that data will be deleted within 24 hours so we recommend downloading the data prior to deactivation if you want to retain the backed up data for local archiving.
Data privacy by design
OpenText Cloudally backups are stored in your choice of AWS data centers in US, Canada, Europe (France, Germany, and Ireland), the UK, Africa (South Africa) and Asia Pacific (Australia and Japan) as needed for compliance with data sovereignty directives. Or choose to Bring Your Own Storage (BYOS).
Payment processing
Payment processing, including credit card information, is hosted by our payment processor which is fully PCI compliant. No payment information is handled or stored on the OpenText (Cloudally) system.
Security built into our product DNA
For a product to be robustly secure security has to be built into the SDLC (Software Development Lifecycle). Security has to form the bedrock of company culture and credentials have to be independently evaluated.
In the design phase — OpenText Cloudally’s security team reviews all product design and requirement documents to identify any risks early in the development process.
In the development phase — We integrate security tools into the process that run whenever code is committed to detect any vulnerabilities.
In the testing/release phase — We perform penetration testing on our product and test extensively to detect potential vulnerabilities prior to deployment
OpenText (Cloudally) maintains a comprehensive employee onboarding process, including a device-management solution to all laptops, encrypting hard disks, enabling firewalls, and implementing a VPN.
All new hires are subject to a pre-employment background check in order to verify identity, references, and criminal history.
We require all new employees to complete comprehensive security awareness training, and we conduct annual training to maintain skill levels.
OpenText (Cloudally)'s validated secure credentials
ISO 27001 Compliant
Built on Amazon Web Service (AWS)
Supports HIPAA compliance
Strong encryption
Global datacenters
Intrusion detection
Compartmentalized access
99.99% uptime
Virtual private cloud
Supports GDPR compliance
UE-EU privacy shield certified
SaaS backup security
Stringently secure and compliance supported
- Supports HIPAA compliance requirements
- Strong encryption
- Global data centers, built on Amazon Web Service (AWS)
- Intrusion detection
- Compartmentalized access
- 99.99% uptime
Why is it critical to back up SaaS data?
7 compelling reasons your business needs SaaS backup now
Don’t rely on native retention—95% of data loss stems from human error, outages, cyberattacks, sync issues, insider threats, and compliance gaps. Discover how missing backups can cost millions, disrupt operations, and threaten legal standing—and how OpenText (Cloudally) safeguards your Microsoft 365, Google Workspace, Salesforce, and more with unlimited snapshots, point-in-time recovery, and audit-ready compliance.