When the confidentiality of backups is important, backups are protected by encryption. The need to encrypt backups may become highlighted when backups are stored in a physical location where security policies are unknown.
Deciding on the need for encryption solutions is seen as part of an overall process that includes risk assessment and the definition of other management tasks.
The organization has established a general encryption policy that is always followed when protecting information using encryption.
Encryption policy defines:
We use strong encryption during password transmission and storage in all services we develop.
Storing confidential information on removable media should be avoided. When removable media is used to transfer confidential information, appropriate security is used (e.g., full disk encryption with pre-boot authentication).
When choosing the encryption methods to be used, take into account e.g. the following points:
The need for the advice of external experts is always considered when determining used cryptographic practices.