Each Cloud account within a backup set has its own encryption key. Since the Cloud to Cloud backups are run by a single administrator of a tenant with many users, an encryption key is randomly generated for each of these Cloud accounts. The encryption keys are never presented to anyone and cannot be retrieved.
The encryption key is then secured in Azure Key Vault to ensure it is neither available nor visible to anyone. The only entity that has access to this Key Vault is the Cloud to Cloud application itself, which is also hosted in the same Cloud region in Azure.
InstantData recovery requires an account and encryption key to initiate a recovery. However, it is not secure to return an encryption key to an administrator. Instead, a short-lived session is created by the Cloud to Cloud application. A link is generated from this session which allows a user to recover data for a limited period without needing to enter their encryption key. The link is only valid until the session expires.
During the backup process, data blocks are compressed with LZ4 and then encrypted using the encryption key specified when the account was created. This encryption occurs prior to data being transferred to the Storage Platform. TLS is used to authenticate the data transfer and to create a secure session between the account and the Storage Platform.
We use a symmetric-key cryptographic block cipher, 256-bit Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) or AES-GCM to ensure authenticated encryption, guaranteeing the integrity of your data. Through AES-GCM, the integrity of each block of data is verified using its inherent checksum before being stored on the Storage Platform. Files that have become corrupt or are missing on the Storage Platform (due to disk corruption, for example) are identified by integrity checks and are retransmitted to the Storage Platform at the start of each backup.
If the connection to the Storage Platform is interrupted, the backup service resumes seamlessly, starting again at the beginning of the interrupted file.