Liferay is committed to data integrity. There are several systems and processes in place to protect against data loss and maintain data security. Here is a look at some of the protections we have in place to keep your data safe, secure, and up to date.
Data Backups
Liferay makes sure that your environment is prepared for the unlikely event of a data issue. Backups of your database and document library are taken on a regular basis and can be used to restore the environment to a previous state should the need arise. Backups are initiated and managed by Liferay so there’s no additional maintenance or steps required by the customer. If a backup or restore is needed, or you’d like a copy of your data, simply submit a ticket and our support team will assist you(note that backups have a retention period of 30 days).
Data Import/Export
For user managed data transferring, customers can leverage LAR files. With LAR files, content like pages and widgets can be downloaded and uploaded to and from sites at will. Additionally, documents can be accessed and downloaded directly from the Document Library.
Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
Our regular data backup procedures allow us to maintain competitive recovery objectives for Liferay SaaS environments. The RPO in Liferay SaaS is set at 8 hours, meaning the maximum data loss in case of an incident would be the last 8 hours of data. The RTO is defined at 5 hours for default storage, indicating the maximum duration that service can be down in case of an incident. Please note that these metrics might increase depending on the volume of extra storage purchased.
Data Regions and Backups
We understand the importance of data sovereignty and therefore maintain strict policies to safeguard your data. Backups containing the customer's data are restricted to the predefined Data Region and are never transported outside of this region, whether physically or through network routing, upholding data residency compliance. See Available Regions for Liferay Experience Cloud for a current list of regions.
Data Encryption
All sensitive, private, and restricted data stored in our databases is securely encrypted at rest using the advanced AES-256 encryption standard. For key management, we use Google-Managed Encryption Keys (GMEKs) to provide an additional layer of security. Please note that, as of now, we do not support Customer-Managed Encryption Keys (CMEKs). All data in transit is protected using enforced SSL connections, which also employ a minimum of AES-256 encryption to safeguard your data transmissions.