From Safeguard 6.7 Appliance Administrators can configure backup protection which will encrypt all backups generated from all appliances in the cluster. Backup protection is set on Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore then click Settings and select Backup Protection Settings.
The 3 options are:
Appliance (default)
Backups are encrypted using AES-256 as a genuine Safeguard backup and can only be decrypted on a Safeguard appliance.
Password
Backups are encrypted using AES-256 as a genuine Safeguard backup and can only be decrypted on a Safeguard appliance. In addition, backups are encrypted with the provided password. The password is required to restore the backup. AES-256 encryptionis used.
GNU Privacy Guard (GPG) public key (RSA only)
Backups are encrypted as a genuine Safeguard backup and can only be decrypted on a Safeguard appliance. In addition, when a backup is downloaded or archived it is encrypted with the provided GPG public key. The private key is required to unencrypt the backup prior to uploading to a Safeguard appliance.
Once set, future backups created manually or automatically are protected.
Safeguard for Privileged Passwords detects the attempted upload of an invalid backup. An audit event is created for the failed backup load with the error reasons which will include an invalid signature.