IDrive uses industry standard 256-bit AES encryption on transfer and storage. Data stored at our world-class data centers is encrypted using the encryption key (known only to you in case you set the private encryption key).
WARNING: IDrive does not store your private encryption key on its servers. It is recommended that you archive it safely to backup and restore your data. However, if you opt for the Default encryption key, you need not remember it.
Can I change my private encryption key for an existing IDrive account?
Yes. On resetting your existing account, you can change the private encryption key assigned to your account.
Note: Resetting your account permanently deletes all your backed up files and folders. If you have opted for local backup, you will lose access to the locally backed up files, so delete them before resetting your account.
The site does not show pad-lock related to SSL encryption when I try to sign in. Is my sign in secure?
Yes, your sign in is secure as by default we use secure HTTP protocol, thus adding the security capabilities of SSL to standard HTTP communications.
IDrive uses 256-bit AES encryption to transfer your Username and Password when you enter the sign in credentials. This ensures your details are secure during transfer since the information cannot be viewed by anyone as clear text.
However, when you just navigate to https://www.idrive.com, the site is not secure as with almost any site on simple navigation.
Where is IDrive data stored?
The IDrive applications and data are hosted at multiple world-class data centers. The data centers provide the physical environment necessary to keep the servers up and running 24/7.
These world-class facilities are custom designed with raised floors, HVAC temperature control systems with separate cooling zones, and seismically braced racks. They offer the widest range of physical security features, including state-of-the-art smoke detection and fire suppression systems, motion sensors, and 24/7 secured access, as well as video camera surveillance and security breach alarms.
We also have periodic third party reviews of our network infrastructure to check for known application and service vulnerabilities.
I have forgotten my private encryption key. What should I do?
The private encryption key is known only to you and no one else. Even the IDrive personnel do not have access to this key as it is not stored in the IDrive servers. You must try to recollect your private encryption key to retrieve your account data.
What is the difference between default encryption and private encryption?
Both, default encryption and private encryption, use the 256-bit AES encryption to encrypt your data. Default encryption uses a system generated key, whereas for private encryption, a user-defined key is used.
IDrive does not store your private encryption key on its servers. It is recommended that you archive it safely to backup and restore your data. However, if you opt for the Default encryption key, you need not remember it.
What is Shellshock? Is IDrive affected by it?
Shellshock, also known as Bashdoor, is a family of security bugs existing in the widely used Bash Unix shell. To date, 6 CVE's regarding Shellshock have been filed, the first of which was disclosed on September 24, 2014. Many Internet daemons, such as web servers, use Bash to process certain commands. The Shellshock bug lets attackers cause vulnerable versions of Bash to execute arbitrary commands, allowing them to gain unauthorized access to a computer system. For more information, you may refer the Wikipedia article regarding Shellshock.
Our security team has verified that IDrive services are not affected by this security vulnerability. We nonetheless applied the necessary patches to all external and internal systems. We've also verified that our software is not susceptible to Shellshock. Our users are completely secure from this bug, and need not update or take other action to avoid it.
Will I receive a call from IDrive to provide confidential information?
Stay assured that IDrive will never call you asking for sign in information, requesting payment or any other such confidential information. If you do receive a call of this nature, it is probably a phishing attempt. Do not share any information, and immediately contact us at firstname.lastname@example.org so that we could provide quick assistance.
How does the private encryption key work? Is it stored on IDrive servers?
- A sample value is encrypted using a one-way encryption mechanism when you provide the key during the first login via IDrive desktop application.
- This encrypted sample value is sent to the server using dynamically salted AES 256-bit encryption.
- The encryption key that you set on your local machine will be further used to encrypt data using industry standard AES 256-bit on the client before it is transmitted to the server.
- The personal key can be decrypted only by the IDrive application. This encrypted sample value on the server is used for validation for future logins.
So while IDrive does not store the encryption key, a sample one-way encryption value is stored to validate future logins. Only the sample encrypted value is transmitted and at no time the key is transmitted to the servers. You can not deduce the key from encryption value as it is a one-way encryption.
IDrive decrypts the file locally; the decryption happens on local clients and not on servers while using Desktop Apps.
Now, on the Web or the web based interface situation is slightly different. The process is exactly the same, except that the 'client' here is an 'intermediate processor' and not the desktop. The data is not decrypted on the actual servers that host the data, but on the 'intermediate processor' on the fly and then brought to the browser interface via SSL interface. The 'intermediate' processors are segregated from the servers that host the encrypted data. This is a slight compromise for ease of use. You can avoid accessing private key enabled accounts via the web to avoid this entire process that involves intermediate processors.
Is IDrive FIPS compliant?
IDrive assists users in achieving compliance to the benchmarks laid out under the Federal Information Processing Standards (FIPS) validation for cryptographic products/software used in the USA. IDrive uses FIPS approved encryption algorithms and adheres to physical security.
Does IDrive provide a HIPAA Business Associate Agreement (BAA)
IDrive assists organizations in the healthcare industry stay compliant with the benchmarks laid out under HIPPA. IDrive also supports the federal mandates of SOX, GLBA, and SEC/FINRA.