Cloud Storage Gateway supports server-side encryption for OSS to protect your data in the cloud from security risks.
Data encryption
Cloud Storage Gateway uses server-side encryption for OSS to protect your data in the cloud from security risks.
Server-side encryption
Server-side encryption includes two methods: encryption using Key Management Service (KMS) and encryption using keys that are fully managed by OSS. You can configure server-side encryption in the OSS console.
After you enable server-side encryption for OSS, files that you upload from a shared folder are automatically encrypted in OSS using a KMS key. You can call the GetObject API operation to check whether a file is encrypted. The file is encrypted if the x-oss-server-side-encryption field in the response header is KMS and the x-oss-server-side-encryption-key-id field is the key ID. You can create a key in the Key Management Service console. Make sure to select the same region as your OSS bucket.
For more information about server-side encryption in OSS, see Server-side encryption.
For more information about how to create a key, see Create a CMK.
Data backup
CSG uses OSS as its backend storage. We recommend that you back up data stored in OSS using Cloud Backup.
Cloud Backup is a fully-managed online backup service that lets you back up data to the cloud easily, efficiently, and securely. You can use Cloud Backup to back up data from Elastic Compute Service (ECS) instances, ECS-hosted databases, ECS files, NAS file systems, Object Storage Service (OSS) buckets, and Tablestore instances. You can also use Cloud Backup to back up data from self-managed data centers that store files, databases, virtual machines (VMs), and large-scale NAS file systems. Cloud Backup lets you implement disaster recovery and archive data based on the archive policies that you configure for the preceding resources. For more information, see What is Cloud Backup?