Comprehensive data protection for all workloads
Post Reply
ruidc
Influencer
Posts: 10
Liked: never
Joined: Feb 26, 2015 7:52 am
Full Name: Rui Da Costa
Contact:

Encryption and security in the Cloud

Post by ruidc »

I'd like to clarify two questions:
1. A representative from our cloud service provider has told me that despite having encryption turned on for our backup job, upon replicating to the cloud, the data stored on their side is in the clear, this is contradictory to what i see in the encryption white paper, can anyone confirm the truth?

2. The only thing keeping us from accessing our backups in the cloud is a username+password pair, again the cloud service provider suggested that something like two-factor authentication (eg. a one-time-password) would need to be incorporated by Veeam as a future feature, is this correct?

Thanks in advance,
R
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Encryption and security in the Cloud

Post by foggy »

Hi Rui, how do you replicate data to the cloud? If you're using backup copy job, you can enable encryption on them.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Encryption and security in the Cloud

Post by Vitaliy S. »

Cannot comment on the future releases, but two-factor authentication is, indeed, would be a good feature to have.
ruidc
Influencer
Posts: 10
Liked: never
Joined: Feb 26, 2015 7:52 am
Full Name: Rui Da Costa
Contact:

Re: Encryption and security in the Cloud

Post by ruidc »

thanks for the replies:
1. No, job is implemented via replication so VMs can be started in partial or full failover on cloud infrastructure. Given this setup, what would be the encryption status of my replicas?
2. but is it something that can be implemented by the cloud provider or does it need to be by the Veeam product?

Regards,
R
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Encryption and security in the Cloud

Post by foggy »

Replication jobs do not use encryption and replicas are stored in their native format (otherwise hypervisor will not be able to access/manage this VM), so unencrypted. You should look at some datastore encryption solution or enable permissions control to the datastore.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Encryption and security in the Cloud

Post by Vitaliy S. »

ruidc wrote:but is it something that can be implemented by the cloud provider or does it need to be by the Veeam product?
It depends. For example, if service provider has its own portal, then he might already have this feature. If not, then it has to be done on Veeam side.
ruidc
Influencer
Posts: 10
Liked: never
Joined: Feb 26, 2015 7:52 am
Full Name: Rui Da Costa
Contact:

Re: Encryption and security in the Cloud

Post by ruidc »

foggy wrote:You should look at some datastore encryption solution or enable permissions control to the datastore.
Can you elaborate or point me at some relevant documentation?
ruidc
Influencer
Posts: 10
Liked: never
Joined: Feb 26, 2015 7:52 am
Full Name: Rui Da Costa
Contact:

Re: Encryption and security in the Cloud

Post by ruidc »

Vitaliy S. wrote:It depends. For example, if service provider has its own portal, then he might already have this feature. If not, then it has to be done on Veeam side.
but if i connect from veeam console to set up the service provider, the service provider could theoretically add 2FA there?
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Encryption and security in the Cloud

Post by foggy »

ruidc wrote:Can you elaborate or point me at some relevant documentation?
I cannot elaborate on the particular solution, but Google says there're some that implement VMs encryption that is transparent both to the hypervisor and VM itself.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Encryption and security in the Cloud

Post by Vitaliy S. »

ruidc wrote:but if i connect from veeam console to set up the service provider, the service provider could theoretically add 2FA there?
Theoretically - yes, that's a possibility.
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Encryption and security in the Cloud

Post by dellock6 »

ruidc wrote:but if i connect from veeam console to set up the service provider, the service provider could theoretically add 2FA there?
If you are talking about Veeam Cloud Connect (it seems so by reading the thread...) then native accounts in VCC only have username and password. 2FA can be applied to a custom portal for self-service, but as of today the account login to Veeam Cloud Connect is username/password.

Luca
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 241 guests