Encryption

The Advanced Encryption Standard (AES) cryptographic algorithm operates in Galois/Counter mode (GCM) and uses a randomly generated 256-bit key. The encryption key is then encrypted with AES-256 algorithm by using the SHA-2 (256-bit) hash of the password as a key. The password itself is not stored anywhere on the disk or in the backups, and the password hash is used for verification.

With this two-level security, the backup data is protected from unauthorized access, but recovering a lost password is not possible.

Using the AES-256 algorithm with a strong password provides quantum-resistant encryption. It is safe against cryptanalytic attacks that rely on quantum computing.

We recommend that you encrypt all backups that are stored in the cloud storage, especially if your company is subject to regulatory compliance.

You can configure encryption in the following ways:

  • In the protection plan
  • As a machine property, by using the Cyber Protect Monitor or the command-line interface