Encryption
Backup and replica data is a highly potential source of vulnerability. To secure data stored in backups and replicas, follow these guidelines:
At rest
Use Veeam Backup & Replication inbuilt encryption to protect data in backups. To guarantee security of data in backups, follow Encryption Best Practices.
Note: Encryption Best Practices from Veeam Backup & Replication user guide.
Note: Enabling encryption on deduplicated storage might affect the deduplication ratio.
In transit
Backup and replica data can be intercepted in-transit, when it is communicated from source to target over a network. To secure the communication channel for backup traffic, consider these guidelines:
- Isolate backup traffic. Use an isolated network to transport data between backup infrastructure components — backup server, backup proxies, repositories and so on (also see segmentation)
- Encrypt network traffic. By default, Veeam Backup & Replication encrypts network traffic traveling between public networks. To ensure secure communication of sensitive data within the boundaries of the same network, you can also encrypt backup traffic in private networks. For details, see Enabling Network Data Encryption.
Note: Enabling Network Encryption from Veeam Backup & Replication user guide.