User is encouraged to encrypt all backups that are stored in the cloud storage, especially if your company is subject to regulatory compliance.
There is NO way to recover encrypted backups if you lose or forget the password.
How to enable encryption in a backup plan
- To enable encryption, specify the encryption settings when creating a backup plan.
- After a backup plan is applied, the encryption settings cannot be modified.
- To use different encryption settings, create a new backup plan.
To specify the encryption settings in a backup plan
1. On the backup plan panel, enable the Encryption switch.
2. Specify and confirm the encryption password.
3. Select one of the following encryption algorithms:
AES 128 – the backups will be encrypted by using the Advanced Encryption Standard (AES) algorithm with a 128-bit key.
AES 192 – the backups will be encrypted by using the AES algorithm with a 192-bit key.
AES 256 – the backups will be encrypted by using the AES algorithm with a 256-bit key.
4. Click OK.
How the encryption works
- The AES cryptographic algorithm operates in the Cipher-block chaining (CBC) mode and uses a randomly generated key with a user-defined size of 128, 192 or 256 bits.
- The larger the key size, the longer it will take for the program to encrypt the backups and the more secure your data will be.
- The encryption key is then encrypted with AES-256 using an SHA-256 hash of the password as a key.
- The password itself is not stored anywhere on the disk or in the backups; the password hash is used for verification purposes.
- With this two-level security, the backup data is protected from any unauthorized access, but recovering a lost password is not possible.