Must I Encrypt All the Backup Data

Data encryption continues to become a very import part of many businesses backup strategy.  Some businesses implement encryption as part of their backup practice for an added measure of security, as well as government mandates and regulations requiring encryption.   However, there are also those businesses that choose not to implement encryption due to the perceived added complexity of their backup environment.  And still those businesses that steer away from encryption because only a small portion of their data is considered sensitive enough for them to encrypt and so they do nothing for fear of adding complexity to the overall backup environment.   

The Quest DR appliance has had the ability to provide backup encryption for several years now.  However, in previous versions of the appliance software encryption at rest was an all or nothing choice.  Meaning that the appliance would allow a user to create multiple backup containers on the DR appliance to control the data type sent to each container, but a user could not choose to just encrypt the container with sensitive data.  Encryption had to apply to all data on all containers.

Now with the 4.0 version of the DR appliance a user has the ability to organize data by creating storage groups and creating containers within those storage groups on the DR Series system.  A storage group allows a user to create separate storage policies.  One of those policies could be to only encrypt the data within containers of a specific storage group.  This would allow a user to create a single container or multiple containers within a storage group and encrypt just the containers in that group while all other data in the repository is not encrypted.

When encryption is enabled, the DR Series system uses the Industry standard FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) encryption algorithm for encrypting and decrypting user data.

About the Author
Systems Consultant specializing in Data Protection