SECURITY BY DESIGN

Secure Backup and Recovery
to Protect your Data

Comet keeps your data safe with end-to-end encryption during backup, transit and at rest for both local and cloud storage. Compliant with industry-leading cloud data protection, data encryption and security standards.

Try Comet for Free What is Comet?

Military grade
AES-256 encryption

Built-in SSL
integration

Two-factor Authentication
[2FA] support

Comet’s Key Security Features

Self-hosted

Comet Server Security

  • Customize restrictions for administrators and end users
  • Use web server [HTTP] to support firewall security
  • Built-in SSL support with Let's Encrypt integration
  • Secure, fully self-contained architecture by design
  • Flexible, secure backup data and metadata communications
  • LDAP/AD integration
Self-hosted

Comet Client Security

  • Client-side, advanced encryption compliant with the NIST’s AES-256-CTR standards
  • Custom rebrandable client software installers
  • Custom codesigning
  • Background service runs as a restricted permissions account
  • Option to lock Client GUI with admin password
  • Policy setting available to enable high-privacy mode
Self-hosted

Other Security Features

  • Comet Self-Hosted is HIPAA and GDPR complaint
  • Two-factor Authentication [2FA] support
  • TLS 1.3 "A" grade level security
  • Administrator IP Allowlist configuration
  • Comet hashes passwords with bcrypt/argon2id
  • Support for Yubikey/U2F hardware security keys
  • Group policies to prevent edit and deletes

Learn Best Practices to Secure your Backup Environment

Learn More About Comet’s Security

Can I use my own encryption key when setting up a new user account?

+

Comet always generates a random high-entropy encryption key for use with the actual data encryption algorithm. However, this random encryption key must be stored somewhere and must survive the event when an end user’s PC is lost or damaged. Comet uses a novel storage mechanism protected by the end user’s password. The end user’s account password is the root of trust for discovering the encryption key. Comet recommends using a strong password at all times.

Where is the encryption key stored?

+

The data encryption key itself is stored within the Comet Server. Within the Comet Server, a zero-knowledge ratchet over the end user’s password is used to protect the encryption key.

In the event of a PC loss, the end user’s password is all that is required to rediscover the encryption key.

The end user’s password and their encryption keys are never made visible to the Comet Server unless you enable the "Allow administrator to reset my password" option.

Can I backup data without encryption?

+

Encryption is mandatory in Comet. This is a major benefit, as Comet's client-side encryption allows you to use any storage provider without needing to worry about who might be able to read the data at rest. The encryption uses hardware-accelerated instructions where available (AES-NI or ARMv8], resulting in minimal CPU overhead.

How are customers isolated from each other?

+

Comet uses separate storage locations and separate encryption keys for each end user’s Storage Vault. If you use Comet's built-in ability to request new storage locations, they are provisioned with separate access credentials. This ensures no end user can read or decrypt another end user’s data.

Do I have to use Let’s Encrypt or can I use another SSL provider?

+

Comet Server has a built-in integration with Let's Encrypt that uses the ACME protocol to automatically provision new SSL certificates. If you're not able to use this service, you can supply a custom SSL certificate in X.509 (PEM] or PKCS12 file format.