Showing results for 
Search instead for 
Did you mean: 

Why is it important to safeguard your Backups?

Level 2

According to the OWASP Top Ten Security Risk, sensitive data exposure is among Top 10 Security risks for applications. That means, your data at Rest and in Transit is vulnerable and may be compromised if not adequately protected. 

Backups are nothing but a copy of your source data. Imagine your backup sets falling into the wrong hands; it can be subject to unauthorized extraction of vital business information. 

 There are many costly consequences of compromised data, such as: 

  • Revenue loss 
  • Damage to Brand reputation 
  • Loss of Intellectual Property (IPR) 
  • Online vandalism 

It’s a risky situation, isn’t it? 

Your backup data is of utmost importance. It must be protected and kept secure. 

When should encryption be used 

As an industry standard, it is recommended to enable encryption for backups targeting detachable devices such as Tape devices & RDX devices. Since the media is being sent offsite, it is wise to ensure that data is protected via encryption. 

Even backups sent to cloud storage devices need to be protected with encryption, given that data travels across the wire, and there are risks of data interception while it is in the transit. KDF-Image1.png

What are the encryption enhancements in Backup Exec 21.1?

Veritas Backup Exec already provides data encryption capability by encrypting customer data at the source, sending said data over a secure connection, thereby ensuring security during transit as well as at rest.  In our continued commitment to quickly bring incremental improvements to features that we release, Veritas Backup Exec 21.1 makes use of PBKDF2, which is the enhanced password-based key derivation function v2 algorithm for generating passphrase-based AES-256 encryption keys.

With the newly introduced key generation method, the complete list of encryption keys can be categorized as follows and as depicted in the picture below:

  • 256-bit Advanced Encryption Standard (AES)
  • 256-bit AES (SHA2)
  • 256-bit AES (PBKDF2)
  • 128-bit Advanced Encryption Standard (AES)KDF-Image2.png

AES-256 bit keys generated using PBKDF2 is compliant with the FIPS 140-2 standard, which is commonly used in government and public sector organizations.


Veritas strongly recommends using encryption while configuring backup jobs to protect data from unauthorized access. With continuous improvements to features in each release, you can rest assured that your backup data is protected.

See the following links for more information: