Security — Acronis Trust Center

Acronis Trust Center

Encryption for security

With end-to-end encryption at every stage – at rest, in transit, or in cloud storage – Acronis products ensure your data is always safe, secure, and private. Data is encrypted using the enterprise-grade AES-256 algorithm for Acronis at-rest storage and protected by a user-defined password, so only you have access. Even the metadata communications between your system and the Acronis Cloud are encrypted for total security.

Secure code: transparent development with security in mind

Protecting customer data from modern threats means our products must be developed with security in mind. Acronis achieves this objective by:

• Applying Secure Software Development Life Cycle (S-SDLC) which focuses on incorporating security into the development cycle.

• Developing and continuously maintaining a corporate culture dedicated to security.

Acronis recognizes the existence of credible information security threats. In addition, all our developers regularly train on the latest security development practices, which are implemented across our R&D organization.

Secure code: transparent development with security in mind

Bug bounty program

Please report it to us and we will take care that you are fairly awarded for your discovery!

As leaders in cyber protection, we develop our products with a focus on security, ensuring efficient data protection. Our dedicated Application Security, Infrastructure, SOC, and Compliance teams work tirelessly to ensure vulnerability-free products that customers can rely on for protection against modern cyberthreats.

To support these efforts, Acronis has been running a bug bounty program on HackerOne since 2018. We work closely with the security community and embrace researchers who contribute toward the optimization of our products. If you believe you have found a security issue, please report it to us and we will take care that you are fairly awarded for your discovery!

Security Advisory

As a partner of the CVE® Program, Acronis is a CVE Numbering Authority (CNA) responsible for publishing disclosed cybersecurity vulnerabilities as CVE Records for all Acronis products. For information on security advisories and updates, see Acronis Security Advisory Database.

The Security Advisory Database provides a complete list of all the fixed vulnerabilities and important updates for Acronis' products or services. Customers can easily search for a specific product or service to see the list of vulnerabilities and updates associated with it. The database is updated regularly to ensure that customers have the most up-to-date information available.

Penetration testing

As part of our commitment to maintaining a high level of security and compliance, we conduct at least annual penetration testing of our cloud data centers by external companies.

The penetration testing is conducted by third-party security experts who are certified and accredited to perform such tests. The purpose of these tests is to identify any vulnerabilities or weaknesses in our systems and ensure that they are promptly addressed to protect our customers' data and our infrastructure.

We are pleased to inform you that our latest penetration testing report has been completed, and we are happy to make it available upon request. Our team of security experts has thoroughly reviewed the report and has already taken steps to address any identified vulnerabilities. If you want to get our current pen test report, please contact your account manager or support.