Problem description
Schedule backups are failing for all Cloud Apps. However, manual backups are successful.
Cause
This error occurs because inSync does not have access to the data encryption key (ekey). For successful scheduled backups of all the Cloud Apps, inSync requires access to the data encryption key (ekey). The ekey is used to encrypt the user data when it is being backed up to the inSync Cloud. This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store the ekey of the users and has no access to the data.
Resolution
Use any one of the following enable Druva inSync to get the user data encryption key(ekey)
Enable Bring Your Own Key
If your organizational policies require complete control over the encryption of the data backed up by Druva, Enterprise Key Management is the solution for you. For more information, see Enterprise Key Management for Microsoft 365.
Enable the Cloud Key Management feature
The Cloud Key Management feature is a secure method to backup the Cloud Apps data. The Cloud Key Management feature utilizes the AWS Key Management Service (AWS KMS) to generate the Data Key. The Data Key is then used to encrypt the key. The encrypted-ekey is then stored in the inSync Cloud. During the scheduled Cloud Apps backup, the encrypted-ekey in combination with the Data Key is utilized to source the ekey. This ekey is then utilized to complete the backup.
For detailed steps, see Configure Cloud Key Management for Cloud Apps.
๐ Note
โOnce Cloud Key Management is enabled for your inSync instance, it cannot be disabled in the future. Kindly discuss these details and the above KB article with your Network Security Team to ensure that your company policies allows use of Cloud Key Management Service by Amazon.