
Hi Team,

Our security team is asking if we can encrypt the MS SQL native dumps in the S3 bucket when using RDS Export method for backups/restores.

AWS ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.html#SQLServer.Procedural.Importing.Native.Backup.Examples

Thanks!

Hello @GGMGL 

Can you be a little more specific on the ask here? Are you enabling TDE on the SQL Server itself? If that is the case, then the backups are not restorable unless you have the keys. You can also encrypt the backup itself as a standard Commvault capability.


Hi @Scott Reynolds, our security team is concerned that the SQL dumps are sitting in the S3 bucket unencrypted during the backup/restore (even if only for the duration of the backup/restore), and we are trying to avoid the use of TDE so we can get dedupe savings. AWS supports dumping the DB encrypted using a KMS key as per the AWS link, if I understand correctly, and I’m trying to find out if it’s possible to use the same KMS key to decrypt the dump files when Commvault reads them from the S3 bucket so it can be deduped efficiently.

