Encryption
Overview
Veeam Backup & Replication has multiple Data Encryption capabilities, and customers can use one of the encryption methods or a combination to protect against unauthorized access to data.
-
At rest: Veeam Backup & Replication uses AES256 algorithm to cypher all the data written to backup repositories (block, tape, cloud repository or object storage). We strongly invite to enable encryption whenever possible, to guarantee Data Confidentiality and protect from Exfiltration. The only notable exception is the use of deduplication appliances, that suffer when dealing with encrypted data. Blockcloning technology (on both Microsoft REFS and Linux XFS) is totally compatible with Veeam encryption, so storage savings are possible while making data confidential at the same time.
-
In transit: if communications between Veeam components are crossing untrusted networks, we suggest to also enable in-transit encryption.
-
Password Loss Protection: available in Veeam Backup Enterprise Manager, allows authorized Veeam users to recover data from the backup even if the encryption password is lost. For more details on this feature, refer to the corresponding section of the User Guide.