- Communication data traffic between VB365 components are encrypted.
- Backup data is automatically encrypted in-flight between Backup Proxies and Object Storage Repositories.
- Backup data is stored encrypted at-rest in Object Storage Repositories using an encryption password specified by the administrator.
- Use separate encryption passwords for each Object Storage Repository. When a client decides to leave the service, you can hand over the encryption password without compromising any other repositories.
- Backup data is not encrypted at-rest for the following types of backup repositories:
- A local directory on a backup proxy server.
- Direct Attached Storage (DAS) connected to the backup proxy server.
- Storage Area Network (SAN).
- Network Attached Storage (SMB shares version 3.0 or later).
- Do not use 3rd party encryption software for backups in backup repositories as this may lead to unpredictable system behavior and inevitable data loss. Only use encryption that is transparent such as Bitlocker.
- Do not use deduplication software or deduplication appliances for JetDB-backed repositories. This is not supported.
- The encryption algorithm used is AES-256.
Source: About Data Encryption
In VB365, certificates are heavily used between all different components as well as the Microsoft 365 cloud. Please check the Certificates Overview page for more details.