How does Cirrus protect the data in my Microsoft 365 subscription?

Protected Keyboard | Teams Chat Security

Microsoft 365 is an excellent platform that offers organisations the tools they need to communicate and collaborate anywhere, anytime. With approximately 240 million global users leveraging this platform every month, businesses worldwide have realised the broad range of benefits this solution offers.

Cirrus is an online, self-service portal for clients to manage their Microsoft 365 backups. It allows you to backup the essential business data stored in your Outlook emails, calendar, and contacts. In addition to protecting your email-related content, Cirrus also protects the data stored in SharePoint sites, OneDrive folders, and Teams chats and channels.


Cirrus protects your data from internal and external threats. We use a secure layered architecture to ensure maximum security and minimise the attack surface of the product. Built on a microservices architecture, with no data-related services accessible from the Internet, the only service customers can access is the user interface, which we protect with a secure Web Application Gateway.

In addition to perimeter protection, we also segment our customer environments to ensure the confidentiality and integrity of your data. For example, our storage is not Internet-facing, and there is no resource sharing between organisations. Furthermore, we store all backup data in a dedicated Azure Cold Storage Account and leverage Veeam’s advanced 256-bit TLS encryption to protect data in transit and at rest.

Ensuring we provide a safe and compliant service is our top priority. For example, our support personnel can only access your backup environment via a secure encrypted VPN connection to a dedicated management service. Furthermore, our support team and the service administrators cannot view customers backed up data. They only have access to a separate Cirrus UI that restricts their visibility to scheduled backup jobs and the backup logs.

Our ransomware protection solution includes an air-gapped location that is not visible or accessible by customers or available via any public routing. As we automatically move any deleted files to this location, we continuously protect your data from a potential ransomware infection.


As mentioned, we have invested in technical, physical, and administrative safeguards to keep your data secure. We continuously monitor our Cirrus environment and have robust processes in place to notify you if there appears to be unauthorised access to your account. In addition to this notification, we may also restrict access to certain parts of our services until you verify that access was by an authorised user.

In addition to the safeguards mentioned, we also protect your data with the following processes and technologies.

  • A regular 3rd party penetration test verifies the security of our front-end web application.
  • We leverage Role-Based Access Controls (RBAC), so our team can only access the particular elements of our platform needed to support the environment and our customers.
  • Cirrus leverages Multi-Factor Authentication to protect our support login process from external password-related attacks.
  • We log every support action and change in admin permissions on your account.
  • All recoveries are locked down so Cirrus users can only restore to their own Microsoft 365 instance.
  • We are PCI compliant and process all credit card transactions via Stripe LLC. Furthermore, all credit card data is encrypted, and monthly charges only occur on the provision of a secure token from Stripe LLC.


The Canopy Tools Group is proud Veeam Cloud Service Providers. We built Cirrus on Veeam’s award-winning technology and underpin it with a Veeam Certified Solution, Veeam Cloud Connect. Leveraging this world-leading platform allows us to offer our clients the best possible backup and data protection solution for their Microsoft 365 backups.