Skip to content
Private MSP Beta now opening. Limited spots for qualified MSPs. Apply for access
Nimbus Black
How it works Join the MSP Beta
Security

Secure Backup for MSPs, Designed Around Trust Boundaries

Backup data is a high-value target, and MSPs hold it for many clients at once. Nimbus Black is built with tenant separation, controlled device enrollment, and encryption — with a security model you can explain to a security-conscious client.

Private MSP Beta Security-forward design
Architecture

How backup data flows.

Endpoints in a client tenant back up over an encrypted connection to tenant-isolated storage, using short-lived credentials, with events recorded for review.

Nimbus Black encrypted backup architecture A client tenant boundary contains Windows endpoints running the Nimbus agent. Backups travel over an encrypted, TLS-protected connection to the Nimbus Black cloud, where each tenant is stored in an isolated, encrypted store with retained restore points. A short-lived storage credential is issued to the agent, and all enrollment, backup, and restore events are recorded in an audit-friendly history. CLIENT TENANT BOUNDARY Workstation Nimbus agent · Windows Laptop · remote Nimbus agent · Windows ENCRYPTED IN TRANSIT · TLS SHORT-LIVED STORAGE CREDENTIAL NIMBUS BLACK CLOUD Encrypted backup storage Tenant A · isolated store encrypted · tenant-scoped Tenant B · isolated store encrypted · tenant-scoped Restore points retained per device Audit-friendly event history — device enrollment · backups · restores recorded for review

Illustrative architecture — security details vary by beta build and should be validated during onboarding.

Security model

The controls behind the platform.

Tenant-aware architecture

Client data is separated by design, so one tenant’s backups stay scoped to that tenant.

Device enrollment controls

Devices are enrolled and authorized before they back up — no silent, unmanaged endpoints.

Encrypted backup architecture

Backup data is encrypted in transit and at rest as it moves to and lives in the Nimbus Black cloud.

Short-lived storage credentials

Agents use limited-lifetime credentials rather than long-lived static keys, reducing exposure.

Audit-friendly event history

Enrollment, backups, and restores are recorded so important events can be reviewed.

Compliance-conscious roadmap

We are building toward the controls MSPs and their clients increasingly expect over time.

In the product

Immutability and verification controls.

Per-client security settings in the current beta build. Immutable storage and the compliance controls are an optional, in-beta capability gated behind the Compliance Pack.

Nimbus Black · Security & Immutable Beta
Immutable storage and Compliance Pack settings

Object Lock immutability, locked retention, and legal-hold readiness — an optional beta capability via the Compliance Pack.

Nimbus Black · Verification & Restore Beta
Backup verification and repository integrity checks

Backup verification, repository integrity checks, and restore testing, with the latest result reported per device.

What we do not claim

Honest about where we are.

Security marketing is full of certifications and absolutes. We would rather be straight with beta partners about what is in place today and what is still ahead.

  • We do not currently claim SOC 2, HIPAA, or other formal certifications. Where those matter, treat them as roadmap, not fact.
  • We do not describe any backup as “ransomware-proof” or guarantee instant recovery.
  • Capabilities and hardening evolve through the beta — validate specifics for your clients during onboarding.
Beta security disclaimer: Security features vary by beta build and should be validated during onboarding. Do not rely on the current build for untested production client backups.

Review the security model with us

Join the private MSP beta to dig into the architecture, ask hard questions, and validate what matters for your clients.

Join the MSP Beta Talk to Nimbus Black
Apply for Beta