- Security Overview
- Barracuda Technical and Organizational Controls
- Platform Security and Oversight
- Barracuda Employees’ Commitment to Security
- Least Privileged Access to Customer Data
- Technical Support Data Access Training
- Data Location Transparency
- Redundancy and Segregation
- Customer Data Encryption
- Security Incident Notification
Security Overview
Barracuda understands the importance of your data and takes steps to secure it. Our policies regarding customer data are focused on providing you with confidence that your data remains secure.
The Barracuda security team implements technical and organization controls, via internal policies, procedures, and oversight activities, to protect and secure customer data and confidential information. For more product-specific security information, customers can request a copy of the relevant SOC 2 audit report.
Barracuda Technical and Organizational Controls
Platform Security and Oversight
Barracuda Employees’ Commitment to Security
Least Privileged Access to Customer Data
While customers can view their own data within the products at any time, Barracuda restricts access to Barracuda personnel and subcontractors through a role-based access control approach.
Barracuda personnel are granted access to customer data only when necessary. Role-based access controls grant Barracuda personnel access to customer data only when necessary to provide our products and services to our customers.
Barracuda subcontractors are granted limited access to data only to deliver the services we have hired them to provide. Subcontractors are prohibited from using customer data for any other purpose and are contractually required to maintain the confidentiality and security of customer information.
When an employee or contractor leaves Barracuda, a formal process is in place to immediately revoke physical and network access to Barracuda facilities and resources.
The operational processes and controls that govern access to and use of customer data are routinely verified. Barracuda regularly performs sample audits to attest data access is for legitimate business purposes. Strong controls and authentication limit access to customer data to authorized personnel only. When access is granted, whether to Barracuda personnel or our subcontractors, it is carefully controlled, logged, and revoked as soon as it is no longer needed.
Technical Support Data Access Training
Data Location Transparency
Barracuda understands that transparency in data storage locations is essential for customers operating in regulated industries or in countries with stringent data residency requirements. Barracuda maintains tenants on a network of cloud-scale data centers in various geographic locations around the globe. Depending on the product, customers may have the option to choose the region in which to store their data at rest. Some products only allow customer data to be stored in data centers in the United States. For more information about a particular Barracuda product’s data storage, please refer to the Product Guide.
All transfers of personal data outside of the European Union, the UK, and Switzerland are subject to authorized transfer mechanisms. See our Privacy page for more information on data transfers.
Redundancy and Segregation
Customer Data Encryption
Security Incident Notification
If Barracuda becomes aware of any security event that results in the loss, disclosure, or alteration of the Customer Data stored by Barracuda, (“Security Incident”), Barracuda will promptly (1) notify the relevant Customer of the Security Incident; (2) investigate the Security Incident; and (3) take reasonable steps to contain and mitigate the effects of the Security Incident.
Barracuda will notify the customer of relevant Security Incidents by a means selected by Barracuda, including via email. Customer must ensure that accurate administrator contact information appears on each applicable Cloud Services portal. Barracuda’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by Barracuda of any fault or liability with respect to a Security Incident.
Customers should notify Barracuda promptly of any suspected or known misuse of its Barracuda accounts or authentication credentials or any other security incident related to a Barracuda product or service.