Comparison of Software and Hardware Encryption


|  | SOFTWARE ENCRYPTION | HARDWARE ENCRYPTION |
| --- | --- | --- |
| Scope | Encrypts data in transit and at rest. | Encrypts data only at rest. |
| Choice | Provides a choice of multiple encryption algorithm options based on security requirements. Choose from Blowfish to AES-256 and many others. Refer to Software Encryption Algorithms for a list of supported algorithms. | Limited to the options provided by the hardware vendor. |
| Deduplication | Integrated with source-side deduplication. | No integration; only available for data at rest. |
| Encryption Key | A new encryption key is generated for every client and storage policy copy combination. | A new encryption key is generated for every tape media. |
| Replication | Encryption is carried over to replica copies without a need to decrypt and re-encrypt; no performance penalty. | Data must be decrypted and re-encrypted, because the hardware vendor automatically decrypts on authorized reads; this could affect replication performance. |
| Key Management | Option to use one of the following: built-in key management, or third-party options such as Vormetric, SafeNet and others. Fully integrated solution with minimal configuration and management. | Limited; depends on hardware vendor support. Manual configuration and management are required for key management; not a fully integrated solution. |
