SOFTWARE ENCRYPTION |
HARDWARE ENCRYPTION |
|
Scope |
Encrypts data in transit and at rest. |
Encrypts data only at rest. |
Choice |
Provides choice of using multiple encryption algorithm options based on security requirements. Choose from Blowfish to AES-256 and many others. Refer to Software Encryption Algorithms for a list of supported algorithms. |
Limited to hardware vendor provided options. |
Deduplication |
Integrated with source side deduplication. |
No integration, only available for data at rest. |
Encryption Key |
New encryption key generated for every client and storage policy copy combination. |
New encryption key generated for every tape media. |
Replication |
Encryption gets carried over to replica copies without a need to decrypt and re-encrypt; no performance penalty. |
Need to decrypt and re-encrypt data as hardware vendor automatically decrypts on authorized reads; could affect replication performance. |
Key Management |
Option to use one of the following:
|
Limited; depends on hardware vendor support. Manual configuration and management required for key management, not a fully integrated solution. |
Comparison of Software and Hardware Encryption
Updated