Security best practices of CubeBackup for Google Workspace.

At CubeBackup, we understand the importance of data security for our customers, and we take this responsibility seriously as a backup solution provider. We strive to provide a higher level of security in our services, and recommend that you implement the following best practices to safeguard against potential threats on your valuable business data.

Keep a copy of the encryption key file

CubeBackup will generate an encryption key and use it to encrypt all your data before uploading it to the backup repository.

On Windows, the location is C:\Program Files\CubeBackup4\db\keys.json by default.
On Linux, the location is /opt/cubebackup/db/keys.json by default.

As long as the key is still accessible, it is always possible to set up a new CubeBackup instance and point it to your old backups, even in the unfortunate case of a server crash. Detailed instructions can be found here: Disaster recovery of a CubeBackup instance.

Please note that:

  1. If the key file is lost, your encrypted backup data will be completely unrecoverable. CubeBackup Inc. does not have access to any key files and will be unable to help you.
  2. If your encryption key is compromised and an unauthorized individual gains access to your backup storage, your valuable data may be at risk of loss or theft.

Enable HTTPS for your CubeBackup service

Keeping your HTTP connection to the CubeBackup service secure is crucial if you wish to access the backups from another machine, or even outside of your office network if allowed by your company's security policy. Enabling HTTPS for the CubeBackup web console provides another layer of protection for all operation requests.

CubeBackup can apply for a Let's Encrypt's free TLS certificate, and also allows you to upload your own certificate, which can be installed on the backup server automatically. For detailed instructions, see How to enable HTTPS/TLS for the CubeBackup web console.

Configure an IP whitelist for your CubeBackup service

Configuring an IP whitelist is an important step to ensure that your backup service is only accessible from trusted sources, minimizing the risk of unauthorized access and data breaches.

CubeBackup allows you to whitelist specific IP addresses to restrict service access. Set your own inbound rules following the instructions at How to configure an IP address whitelist in CubeBackup.

Enable Two-factor authentication (2FA) for your CubeBackup service

Enabling two-factor authentication (2FA) is a critical measure to protect your data from unauthorized access. With 2FA, an attacker would need more than just the CubeBackup admin's account to gain entry to your data, even if the password is compromised.

CubeBackup supports 2FA, and we strongly encourage you to enable this security feature for all admin accounts. It's a straightforward process, and you can get started by following the step-by-step instructions in our tutorial: How to enable Two-factor authentication (2FA) for the CubeBackup console login.