Backup Encryption Strategy and Best Practices

  • I work for a local government and we have many systems and each have their own SQL server.  We are wanting to start encrypting the backups. The main reason due to cyber threats and someone getting hold of a back up and restoring it outside of our network.

    With that being said, My initial thoughts are to use the same server certificate to encrypt our backups on all servers. That way the management and security of that one key would be easier.  However you could restore any backup to any one of our servers. We seem to be alright with that.  Our systems Analysist back each other up and have permissions to the different systems.

    I can not think of any reason really to use different keys. Any thoughts on why we should use different server certificates for the backups?

    Sometimes the vendor request a backup of our data to investigate an issue , data migration and or development  work. I would create them their own certificate to use to decrypt the backup and their own password to use to import it. Would this be common practice?

     

    Thank You

     

  • The default is for certificates to expire in 1 year. It can be changed to a different value when creating the certificate.

    I didn't realize that, and backups failed a year later.

    • This reply was modified 3 years ago by  homebrew01.
  • That is good to know before deploying the certificate to all the servers.

    Thanks

     

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply