All customer backup data managed by 365 Total Backup is protected by AES 256-bit encryption at rest with each customer having a dedicated encryption key for their backup data. Each block is encrypted using the randomly defined encryption key and a standard Initial Vector (IV) defined within the product.
Each customer dedicated backup encryption key is stored in a dedicated Azure Key Vault and only the 365 Total Backup application and restricted, high-privilege Hornetsecurity personnel have access to Azure KeyVault. Each individual set of 365 Total Backup data is logically segregated, uniquely identified and mapped back to the original account.
How is the encryption key used upon restoring?
When restoring, Office 365 Backup, restore workers grab the customer backup data from storage, decrypts the data using the customer backup encryption key retrieved from Azure KeyVault and restores the content to the customers selected destination. If the customer selected PST or ZIP restores, the restore is additionally password protected and passed to Hornetsecurity CP UI for the user to keep safely. ZIP/PST restores are uploaded to a public blob storage and retained for 5 days.