Security

Barracuda uses a defense-in-depth strategy and proprietary hardened software and operating systems to protect data and services. Barracuda conducts regular inspections to ensure the security of its systems.

All Barracuda employees accept and acknowledge Barracuda’s policies for nondisclosure and protection of Barracuda and third-party confidential information, including the acceptable use of confidential information.

While customers can view their own data within the products at any time, Barracuda restricts access to Barracuda personnel and subcontractors through a role-based access control approach.

Barracuda personnel are granted access to customer data only when necessary. Role-based access controls grant Barracuda personnel access to customer data only when necessary to provide our products and services to our customers. 

Barracuda subcontractors are granted limited access to data only to deliver the services we have hired them to provide. Subcontractors are prohibited from using customer data for any other purpose and are contractually required to maintain the confidentiality and security of customer information.

When an employee or contractor leaves Barracuda, a formal process is in place to immediately revoke physical and network access to Barracuda facilities and resources. 

The operational processes and controls that govern access to and use of customer data are routinely verified. Barracuda regularly performs sample audits to attest data access is for legitimate business purposes. Strong controls and authentication limit access to customer data to authorized personnel only. When access is granted, whether to Barracuda personnel or our subcontractors, it is carefully controlled, logged, and revoked as soon as it is no longer needed.

Barracuda support technicians may come into contact with customer data and confidential information while providing technical assistance at the customer’s request. These technicians undergo comprehensive training with management oversight to ensure proper data protection and security procedures. Technicians are certified on a per product basis and their product knowledge is tested through formal online training. All technicians must meet a pre-defined standard before supporting customers directly. Also, Barracuda support technicians receive ongoing training in product-specific training sessions.

Barracuda understands that transparency in data storage locations is essential for customers operating in regulated industries or in countries with stringent data residency requirements. Barracuda maintains tenants on a network of cloud-scale data centers in various geographic locations around the globe. Depending on the product, customers may have the option to choose the region in which to store their data at rest. Some products only allow customer data to be stored in data centers in the United States. For more information about a particular Barracuda product’s data storage, please refer to the Product Guide.

All transfers of personal data outside of the European Union, the UK, and Switzerland are subject to authorized transfer mechanisms. See our Privacy page for more information on data transfers.

Barracuda provides for data redundancy (ie. live replication) in SaaS products (where applicable). Data is segregated between production and non-production settings. For more information regarding redundant data storage and data segregation, please see the applicable Product or Service Description on the Product Guide.

Customer Data is encrypted at rest and in transit. Please see the specific Product or Service Description on the Product Guide for information regarding encryption.