NIS2, PCI-DSS, and ISO 27001 compliant backup — Client encryption + air-gap
Your backups check all the boxes: encrypted by your servers, inaccessible to our team, physically isolated from the network.
3 security pillars
Each protection layer works independently. Even if one is compromised, the other two protect your data.
Client-side encryption
AES-256 — the key never leaves your Proxmox servers. NimbusBackup stores data it cannot read.
- AES-256 encryption by Proxmox VE before sending
- Encryption key exclusively on the client side
- NimbusBackup never has access to data in clear text
Zero admin client option
Your PBS account is in append-only mode: you can backup, read, and restore, but you cannot add accounts or delete backups.
- Deletions only via support ticket + validation
- Protection against malicious insider on client side
- No backup modification without validation process
Physical air-gap
2 out of 3 disks are physically disconnected from the network at all times. Even in case of complete RDEM infrastructure compromise, these copies are intact.
- Weekly rotation of 3 disks
- Network-inaccessible — no ransomware can reach them
- ANSSI recommended method
Already with a Single Drive PBS
Even our entry-level plan (Single Drive PBS at 12EUR/TB) with the zero admin client option already provides very satisfactory guarantees:
To go further: the air-gapped plans add an ultimate physical protection layer.
Compliance mapping — NIS2, PCI-DSS, ISO 27001
| Requirement | NIS2 | PCI-DSS | ISO 27001 | NimbusBackup |
|---|---|---|---|---|
| Data encryption | Art. 21 | Req. 3.4 | A.10.1 | Client-side AES-256 via PVE |
| Access separation | Art. 21 | Req. 7 | A.9.1 | Append-only client account, zero admin |
| Malicious insider protection | Art. 21 | Req. 7 | A.9.2 | Deletions via ticket + validation |
| Ransomware protection | Art. 21 | Req. 5 | A.12.2 | Immutability + physical air-gap |
| Offsite backup | Art. 21 | Req. 9.5 | A.12.3 | Separate Equinix datacenter |
| Business continuity | Art. 21 | Req. 12.10 | A.17.1 | PBS restore < 4h |
| Data integrity | Art. 21 | Req. 10 | A.12.4 | Checksums re-verified every 30d |
| Data sovereignty | Art. 26 | — | A.18.1 | 100% France/EU, no transfer outside EU |
Scenario: compromise
Level 1 — Attacker compromises the client
They take control of your Proxmox servers, encrypt your VMs with ransomware.
They try to delete your NimbusBackup backups — impossible (append-only account, no deletion rights).
They cannot read the backups — AES-256 encrypted client-side.
Result: restore possible from NimbusBackup.
Level 2 — Attacker compromises RDEM Systems
In the unlikely event that RDEM admin workstations are compromised.
The attacker destroys online backups.
But: air-gapped disks are physically disconnected from the network — inaccessible, intact.
Result: air-gapped copies allow restore.
Which plan for which compliance level
| Protection | Single Drive | Double Drive | AirGapped | Drive Bank | Magnetic | Magnetic Bank |
|---|---|---|---|---|---|---|
| Client AES-256 encryption | ||||||
| Append-only + insider protection | option | option | option | option | option | option |
| Offsite separate datacenter | ||||||
| 2-site geo-replication | — | — | — | — | ||
| Physical air-gap | — | — | — | |||
| Bank vault | — | — | — | — | ||
| LTO 30+ year archiving | — | — | — | — | ||
| Hosting provider compromise protection | — | — | — | |||
| Ultimate protection | — | — | — | — |
Compare in detail: All pricing | Managed Proxmox Backup
FAQ — Compliance
Secure your backups — guaranteed compliance
Client-side encryption, append-only, physical air-gap. NIS2, PCI-DSS, ISO 27001.