Comparison of Software and Hardware Encryption





Encrypts data in transit and at rest.

Encrypts data only at rest.


Provides choice of using multiple encryption algorithm options based on security requirements. Choose from Blowfish to AES-256 and many others. Refer to Software Encryption Algorithms for a list of supported algorithms.

Limited to hardware vendor provided options.


Integrated with source side deduplication.

No integration, only available for data at rest.

Encryption Key

New encryption key generated for every client and storage policy copy combination.

New encryption key generated for every chunk.


Encryption gets carried over to replica copies without a need to decrypt and re-encrypt; no performance penalty.

Need to decrypt and re-encrypt data as hardware vendor automatically decrypts on authorized reads; could affect replication performance.

Key Management

Option to use one of the following:

  • Built in key management,
  • Third party options such as Vormetric, Safenet and others. Fully integrated solution with minimal configuration and management

Limited; depends on hardware vendor support. Manual configuration and management required for key management, not a fully integrated solution.

Last modified: 3/24/2020 11:14:22 AM