Cloudberry O365 security

We’re evaluating Cloudberry MSP360 to backup on-prem and O365 workloads. For on-prem, you can specify a password for encryption of data BEFORE sending the backup to your storage destination. Cloudberry doesn’t know this password, and can’t help you if you need to restore the data (which I view as a good thing). However, for O365 backups this same customer supplied password option doesn’t exist. They say this is a feature request they hope to implement in the future. At least with Cloudberry, we can store O365 backups somewhere else so they have no visibility into the data at rest. So my question is this…is there a vendor (or is it even theoretically possible) to do cloud-to-cloud backups of Office 365 where the backup vendor uses the O365 management API, and achieve zero-knowledge backup? Or is the only real way you can be absolutely certain is if you do Office 365 to local backup (like Synology Active Backup)?

You could find a bare metal provider and use that as your target. Then you don’t have to deal with data going on-prem.

Cloudberry offers cloud-to-cloud backup and are storage agnostic, whether the target is a cloud storage provider or on-prem nas. My question is on the security and implementation of cloud-to-cloud backup for Cloudberry…or any cloud-to-cloud backup for O365 or Google. Can you achieve zero-knowledge, cloud-to-cloud backup of O365? Are there privacy and security centric backup vendors that tout this as a feature?

Not sure if Veeam meets your criteria, but check out what they have to offer.