Encrypting Backup Data

Data Encryption provides the ability to encrypt data both for transmission over non-secure networks and for storage on media. The flexibility of key management schemes makes data encryption useful in a wide variety of configurations.

The software provides the following data encryption methods:

  • Software encryption allows you to encrypt data during backup job, auxiliary copy job, and data replication job.


    • The Crypto Library module supports the software encryption methods approved by the Federal Information Processing Standard (FIPS) as well as additional software encryption methods not approved by FIPS.

    • The National Institute of Standards and Technology (NIST) has the Commvault's FIPS 140-2 Certified Crypto Library 2.0 Certificate #3060 listed on the cryptographic module validation program (CMVP) website.

  • Hardware encryption allows you to encrypt data on tape drives that have built-in encryption capabilities.

With any of the encryption methods, keys are always stored in the CommServe database. Optionally, you can store keys on the media. This can be useful when using the external tools such as Media Explorer to recover the data from the media.