Overview
In order to initiate scheduled backups of SaaS Apps data, inSync requires an encryption key (ekey) to secure user data during backup. Druva recommends using the Cloud Key Management feature, which leverages AWS Key Management System (AWS KMS) to generate a Data Key. This Data Key encrypts the ekey, which is then securely stored in the SaaS apps Cloud. During backups, the encrypted ekey and Data Key are used to retrieve the ekey, enabling the backup process.
π‘Tip
If your organizational policies require complete control over the encryption of the data backed up by Druva, Enterprise Key Management is the solution for you. With Enterprise Key Management, you can use keys from your AWS Key Management Service (KMS) account to encrypt and decrypt your data. It adds an extra layer of security to Druva's default encryption. Enterprise Key Management is available upon request. This feature is also called Bring Your Own Key (BYOK). To learn more, see Enterprise Key Management.
β
Steps to Configure Cloud Key Management
Before you begin, ensure:
You have received the confirmation email from Support about activating your account for the Cloud Key Management feature.
You are logged on to the console either as a Cloud administrator, or you are managing the SaaS Apps users and groups from your administrator account. Before you begin, make sure the key management system is enabled for your instance.
Procedure
On the Endpoints/SaaS Apps console, click and select Endpoints & SaaS Apps Settings.
Go to the Key Management tab and click edit .
Select the Enable Cloud Key Management feature checkbox to click save.
β Important
To check if your account's Cloud Key Management (KMS) feature is enabled, navigate to the Cloud Key Management section under SaaS Apps Settings in the inSync console. The status will be displayed there. Once enabled, this feature cannot be disabled.
Keywords: enable cloud key management, cloud KMS, activate cloud key management, cloud KMS,