What is Norton Online Backup Security(Privacy) guarantee?

I am thinking about using Norton Online Backup for backing up my laptop. But I have a lot of sensitive information on it. So the question of security is critical for me.

I have read, that NOB uses 128 bit encryption for transferring and 256 bit encryption for storing data. Is there some paper, that verifies that? How can I be sure about that?  Because somebody could write whatever he want on his website and just steal information, for example. What kind of guarantee can I have that no one single employee will be able to access my data? And where is the encryption key stored on both sides(Norton and mine)?

And when I delete backup file from Norton web-site is it really deleted or just marked as deleted but still saved in database for possible restoring?




Re: What is Norton Online Backup Security(Privacy) guarantee?

Hello vlad111,

Let me check and see what materials we can provide for you. Either myself or a member of our team will post an update shortly.

Kudos1 Estatísticas

Re: What is Norton Online Backup Security(Privacy) guarantee?

Hi vlad111,

We completely understand your concern and can assure you as a global leader in security software, our focus is to protect your stuff from unwanted access by anyone, including our own employees.

During backup or download, the data in motion is transferred between your machine and our servers using 128-bit SSL encryption over TCP/IP using a 2048-bit certificate to ensure your data can't be accessed while in transit.  When signing in to Norton Online Backup on the web using your browser, you'll see that every page uses HTTPS which is also 128-bit SSL so that your data you access via the web is also secure.  The data at rest in our secure servers has been broken in to blocks on the client before it is transferred to our servers.  The blocks are encrypted on the client using AES-256.  Then the encrypted blocks are transferred to our servers and stored encrypted.  Norton has access to encryption keys but that access is secured with very tight access control.  Furthermore, encryption is not the only security measure we take. Norton's data centers are certified for security compliance by a third party. Most importantly, we develop all our services using industry leading security testing; threat modeling, penetration tests, and security audits prior to release. Even after going live, we are routinely audited by an external party to ensure our infrastructure and processes are safeguarding our users and user's data.

Regarding your concern about deleting backed up files, we have a 90 day retention policy for files marked for deletion, data from devices that have been removed, and all the data in an account that has been cancelled or expired.  This means that data is kept in our data center 90 days after it is marked for removal and then scripts are run to purge the data.  Once the data is purged, it is physically impossible to recover by anyone.  The data is kept for 90 days as an extra safety measure to users who accidentally delete or remove a device or who accidentally let their subscription expire and want to recover the deleted file, reinstate a removed device, or re-subscribe to the product without losing backed up data.

Thank you for asking the question. Like you, we are very passionate about security.

This thread is closed from further comment. Please visit the forum to start a new thread.