Encryption decrypted

A glossary of common storage-encryption terms:

Sensitive data. Depending on the type of business, sensitive data can include Social Security numbers, credit card information, financial records, health data, intellectual property documents or information about sexual orientation. Most companies will find an average of 8 to 12 bits of data per record that need encryption. The difficulty is locating every place where that information is stored.

Encryption appliance. This hardware sits between servers and storage systems and encrypts data as it moves back and forth. Many of these appliances can run in SAN, NAS, iSCSI and tape infrastructures. They encrypt data at close to wire speed with very little latency. In comparison, encryption software on servers and in storage systems slows backups.

Library-based tape encryption. Security features embedded in tape drive and tape library hardware are often used when data is stored at an off-site facility. Encryption co-processors process the data stream at wire speed as it enters the library. Security functions are completely transparent to the software. No external software or operating system support is needed. But it also means that the tape vendor is entirely responsible for managing security.