There are probably a couple of approaches to be considered for time impact. For most wintel platforms, encryption in software has improved to be of minimal impact. For large bulk encryption, consider hardware to accelerate.
But first, a few more questions:
Do you really, really want to encrypt backups?
Is this being done to reduce your risk or the offsite storage vendors? (contracts, SLA’s, etc. should be reviewed).
What key management for backups? Will keys be sent to same vendor, same location? (If offsite data – or media this is on – is lost, damaged/ destroyed or stolen, will decryption keys be lost also?)
[Is your offsite storage local or distant? Is the physical risk loss of your facility, or larger, like hurricanes?]. In the past, some organizations have sent encrypted offsite to one location/vendor, and keys to another site/vendor. Also, consider what if the decryption keys (or the media they are on) are lost (the encrypted data is OK). Do you have a key recovery process?
Also, loss of keys could introduce risk due to inability to provide data to law enforcement, client, patient, etc. if encrypted data in unrecoverable.
Are you encrypting your organization’s on-site data NOW? Online data? Nearline data? Offline data? Despite what is in the news, the bigger risk is probably still to the data in your facility. If your facility has current experience with bulk encryption of online, nearline and/or offline data, then you might be better equipped (organizational processes) to engage encrypting for offsite.
A subsequent question is are you going to encrypt as part of the backup process or separately? You could check some of the backup system vendors for encyrption specs and recomendations. Depending on the size of your backups, you might do a disk-to-disk backup first, then encrypt. Then backup the encrypted data.
Another thought is along the lines of how long to hold? this is also like tape drives (will there still be DAT drives or DLT drives in 5 or 10 years?).
Be sure you do a full, detailed and thorough risk analysis.
Sorry, that I didn’t answer your question. This topic was discussed in detail at the last ISSA meeting.