The data-at-rest encryption feature, called Encryption License Key, protects your sensitive data against breaches associated with storage media (for example, loss or theft). Encryption License Key includes a controller-based encryption implementation as well as integrated key management functionality that can leverage third-party key management solutions via the OASIS Key Management Interoperability Protocol (KMIP).
The Encryption License Key feature provides the following benefits:
- Hardware-based Advanced Encryption Standard (AES) encryption, using 256-bit keys in the XTS mode of operation, is provided for open and mainframe systems.
- Encryption can be applied to some or all supported internal drives (HDD, SSD, FMD).
- Each encrypted internal drive is protected with a unique data encryption key.
- Encryption has negligible effects on I/O throughput and latency.
- Encryption requires little to no disruption of existing applications and infrastructure.
- Cryptographic erasure (media sanitization) of data is performed when an internal encrypted drive is removed from the storage system.