Druva ensures data security by encrypting all data in transit with TLS and at rest with AES 256-bit encryption. A unique, session-only encryption key (eKey) is generated for each customer; the eKey is never stored unencrypted or transferred, and it is secured using a digital envelope encryption model. This architecture prevents Druva personnel from accessing customer data. For enhanced key management, customers can choose to integrate with AWS KMS or utilize Enterprise Key Management (BYOK) for complete control over their encryption keys.