Link Search Menu Expand Document
Veeam

Encryption

Backup and replica data is a highly potential source of vulnerability. To secure data stored in backups and replicas, follow these guidelines:

At rest

Use Veeam Backup & Replication inbuilt encryption to protect data in backups. To guarantee security of data in backups, follow Encryption Best Practices.

Note: Encryption Best Practices from Veeam Backup & Replication user guide.

Note: Enabling encryption on deduplicated storage might affect the deduplication ratio.

In transit

Backup and replica data can be intercepted in-transit, when it is communicated from source to target over a network. To secure the communication channel for backup traffic, consider these guidelines:

  • Isolate backup traffic. Use an isolated network to transport data between backup infrastructure components — backup server, backup proxies, repositories and so on (also see segmentation)
  • Encrypt network traffic. By default, Veeam Backup & Replication encrypts network traffic traveling between public networks. To ensure secure communication of sensitive data within the boundaries of the same network, you can also encrypt backup traffic in private networks. For details, see Enabling Network Data Encryption.

Note: Enabling Network Encryption from Veeam Backup & Replication user guide.

Back to top

Copyright © 2023 Solutions Architects, Veeam Software.
Please note that information provided in this guide is not produced or verified by Veeam R&D but is a result of community effort based on the field observations.