Cloud Backup provides encryption at rest and encryption in transit to protect your cloud data against potential security risks. Encryption in transit is implemented based on the SSL or TLS protocol.
Encryption at rest
Encryption at rest provides data protection for the data stored in the cloud. Cloud Backup encrypts the backup data by using AES-256 at the source end, and then transfers the encrypted data to the cloud. By default, Cloud Backup uses self-managed keys to encrypt data. You can also use the keys that you create in Key Management Service (KMS).
KMS is a secure and easy-to-use key management service provided by Alibaba Cloud. KMS allows you to ensure the privacy, integrity, and availability of your keys at a low cost. You can use the keys in a secure and convenient manner. You can also develop encryption and decryption solutions based on your business requirements. You can view and manage the keys in the KMS console. For more information, see Overview of the key service.
Encryption in transit based on SSL or TLS
Cloud Backup supports access over HTTP and HTTPS. HTTPS is a secure version of HTTP that uses SSL or TLS to encrypt data. SSL or TLS is a Layer 4 protocol that helps ensure data privacy and data integrity between two applications.