Should I Enable backup file encryption for Veeam Backups?

Hi All,

Wondering should I enable backup file encryption for my Veeam backups? It make seance to do so of course but will it have a significant impact on backup and restore times?

Steve HoodIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization ConsultantCommented:
Does it make sense to do it ?

Are your backups at risk ?

If you do decide, make sure you have good documentation, and document the password to encrypt!

and when you've documented the passwords and keys, how then has access to them, and is this protected and by who ?

As for performance, on backup and restore not really noticeable if encryption is enabled.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
We enable encryption for all at-rest Veeam and ShadowProtect backups. Otherwise the data is there for the taking.
btanExec ConsultantCommented:
The only way (or minimally to do is) to adequately protect that data is through encryption. It is also for compliance which you can check with your security folks. HIPAA, for example, requires companies to protect sensitive data against exposure. As such, an unencrypted backup tape could possibly be considered a direct violation.

That said not forget the need to come up with a comprehensive plan for protecting the (encryption) key management system. Typically, this means backing it up separately from everything else and storing those backups in a way that makes it easy to retrieve the keys in the event of a major disaster (part of business continuity and data recovery plan).

Also take note of security consideration to reduce data leakage risk

It is a valid concern for performance so it is more of testing in your environment. The scheduled backup and approach for backup would be discussed.
It is not recommended that you install Veeam Backup & Replication and its components on mission-critical machines in the production environment such as VMware vCenter Server, Domain Controller, Microsoft Exchange Server, Small Business Server/ Windows Server Essentials and so on. If possible, install Veeam Backup & Replication and its components on dedicated machines. Backup infrastructure component roles can be co-installed.
and of course meet the requirements for the platform to support the backup. Below just an example

You can note this consideration
Data encryption has a negative effect on the deduplication ratio if you use a deduplicating storage appliance as a target. Veeam Backup & Replication uses different encryption keys for every job session. For this reason, encrypted data blocks sent to the deduplicating storage appliances appear as different though they may contain duplicate data. If you want to achieve a higher deduplication ratio, you can disable data encryption.
btanExec ConsultantCommented:
for author advice
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.