Why is rotating encryption keys important in backup security?

• A. It reduces risk of exposure by limiting data encrypted with a single key
• B. It makes key management more complex but has no security benefit
• C. It invalidates existing backups
• D. It has no effect on security

Answer: (A)

Rotating encryption keys limits how much data is exposed if a key is compromised. When backups are all encrypted with one key, a single breach could reveal a large portion of the archive. By periodically refreshing keys and re-encrypting data with new ones, you contain potential exposure to only the data protected by the compromised key and you can retire or revoke that key without losing access to current backups. This aligns with good key lifecycle practices: generate, distribute, rotate, and retire keys securely, so an incident affecting one key doesn’t cascade across all backups. In practice, you can re-encrypt older backups with newer keys as part of ongoing security maintenance, keeping backups both accessible and protected.