Storage encryption is the use of encryption/decryption of backed-up and archived data, both in transit and on storage media. Storage encryption is a feature of storage security that is gaining favor among enterprises that use storage area networks (SANs).
The main advantage of storage encryption in a SAN is the fact that it hardens the core of the network at relatively low cost. Multiple ciphers can be used for individual files, folders, or data volumes. In addition, two encryption arrangements can be used, one for data in transit and the other for stored and archived data. The ciphers, and the corresponding decryption keys, should be changed frequently.
Two criteria are said to help determine the potential effectiveness of any storage security plan. First, the cost of implementing the plan should be a small fraction of the value of the protected data. Second, it should cost a potential hacker more, in terms of money and/or time, to compromise the system than the protected data is worth. In this respect, storage encryption is often seen as an ideal solution. However, it is not completely foolproof, and is best used with other security measures such as hardware zoning. Because it works proactively, a relatively simple storage encryption arrangement can pay for itself in a short time. Storage encryption is an important element in what is referred to as deperimeterization.