I went through the article: http://www.symantec.com/docs/TECH124682
This is basically my question/concern when it comes to the "fixed" key encryption that article talked about:
Does this mean all BackupExec products share the same encryption key? Here is a scenario to better explain my question:
An attacker gains access to our deduplication folder, but not to our Backup Exec server, could this attacker, in theory, just spin up a brand new Backup Exec instance on their own, purchased or otherwise, and connect to our deduplication folder, and from their decrypt, view/read/recover the backup data housed in that folder?
This, of course, is an unlikely scenario but one I want to know I am protected against. If this is the case it won't be a concern for us, we will just add another layer of encryption protection (one that is FIPS compliant) on the deduplication storage outside of Backup Exec embedded encryption.