Q: Is Trello Secure?


Let’s talk about Trello. It’s a pretty nifty cloud based, project management tool used by millions to manage just about everything from content calendars to storing all your business’ customer data. Trello is full of business critical information that is an essential to your day to day operations.

With so much data packed into boards, now is the time to think about taking a proactive approach to ensuring the security of your Trello data.

So, is Trello secure?

Trello provides a secure experience for customers by keeping their security systems up to date with the best practices.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that organizations must adhere to when handling credit card and debit card information. The Payment Card Industry Security Standards Council created this standard to protect cardholder data used for online payments.

Trello has done their due diligence and is certified Level 1 PCI DSS compliant, meeting all six categories of PCI standards:

  • Maintain a secure network
  • Maintain a vulnerability management program
  • Regularly monitor and test networks
  • Protect cardholder data
  • Implement strong access control measures
  • Maintain an information security policy

This compliance is extended to all Trello accounts.

Trello Account Security

The best way to approach data security for a cloud-based tool like Trello is the Shared Responsibility Model:

The Shared Responsibility Model explains that keeping your Trello account’s data secure is a shared responsibility between you, the account owner, and Trello.Trello takes care of the software, infrastructure and disaster recovery of the entire platform. You, as the user, are responsible for password security, permissions given to users and third-party apps, and backups of the data you put into your account.

Web app providers take extensive precautions to ensure their infrastructure won’t fail and to maintain ~99.98% service availability. They all have a security team that is dedicated to the platform’s availability. This is one of the many benefits of using a managed service like Trello.

For instance, in the unlikely event that one of Trello’s data centres is crushed by a meteorite, the security team will recover the entire platform to the last backup. You might experience a few minutes of downtime, or even none at all depending on how fast they can react to the situation.

But their backups cannot be used to recover a single account back to a previous point in time or to recover just a selection of your data, like a board, list, or card.

While Trello suggests using JSON and/or CSV exports of your data as a workaround, it’s not an ideal method or user friendly.

We explain why here:

What Trello offers, is a macro-backup of their entire system. Trello runs an encrypted full backup every 24 hours. This covers you for incidents on their end which impact their entire user base, such as data breaches. What Rewind offers you is a micro-backup of just your account. It’s an accessible backup of your Trello data. One you can use to swiftly recover important information.

Human error, malicious attacks, and software glitches caused by 3rd party software are just some of the reasons why people lose important information in Trello. Using an automated backup service like Rewind for your web apps makes backups and recovery simple and gives you peace of mind about the security of your business-critical data. It’s like having an insurance policy on your digital data.

You don’t need to be an expert in backups, spend an afternoon each week managing your backups, or have your own IT team. It’s a set-it-and-forget-it type of process which helps you recover from all types of possible data disasters. That’s a pretty good deal if you ask us.

Add the Trello Power-up today!