Comparison of Software and Hardware Encryption

	SOFTWARE ENCRYPTION	HARDWARE ENCRYPTION
Scope	Encrypts data in transit and at rest.	Encrypts data only at rest.
Choice	Provides choice of using multiple encryption algorithm options based on security requirements. Choose from Blowfish to AES-256 and many others. Refer to Software Encryption Algorithms for a list of supported algorithms.	Limited to hardware vendor provided options.
Deduplication	Integrated with source side deduplication.	No integration, only available for data at rest.
Encryption Key	New encryption key generated for every client and storage policy copy combination.	New encryption key generated for every tape media.
Replication	Encryption gets carried over to replica copies without a need to decrypt and re-encrypt; no performance penalty.	Need to decrypt and re-encrypt data as hardware vendor automatically decrypts on authorized reads; could affect replication performance.
Key Management	Option to use one of the following: Built in key management, Third party options such as Vormetric, Safenet and others. Fully integrated solution with minimal configuration and management	Limited; depends on hardware vendor support. Manual configuration and management required for key management, not a fully integrated solution.