Enabling encryption
Cohesity recommends that you enable data encryption at rest and in transit. Encryption prevents unauthorized data access and theft. If data is encrypted with robust industry standards, attackers cannot access it even if the data is stolen.
NetBackup software provides various options to configure encryption. To ensure optimal security, NetBackup includes encryption features for data at rest and in transit. You can encrypt your data before you send it to the cloud. You can use the built-in NetBackup key manager service (KMS) or configure NetBackup with a third-party KMS during storage server configuration.
Another way that your data is protected is with certificates, which create an encrypted connection between hosts. By default, NetBackup and NetBackup appliances use self-signed certificates for host communication. You can choose to configure external certificates instead. When you use external certificates, they are validated for authenticity by an external certificate authority (CA). In this way, the identity of the certificate holder is verified through a publicly known and trusted third party.
How to enable encryption:
Flex Appliance
Flex Appliance meets Federal Information Processing Standards (FIPS) 140-2 standards to keep data encrypted at rest and in transit. FIPS is enabled during the Flex Appliance installation process.
NetBackup Appliance
See About data encryption .
NetBackup
See About FIPS support in NetBackup.
See Installing KMS.
Access Appliance
How to configure external certificates:
Flex Appliance
NetBackup Appliance
NetBackup
See Workflow to use external certificates for NetBackup host communication.
NetBackup Flex Scale
See Deploying external certificates on NetBackup Flex Scale.
Access Appliance