Storage products contain data users depend upon, yet often do not take steps to help users secure that data. This problem is especially serious when the hardware on which the storage product is running is managed by a third party or placed in a location shared with untrusted parties. Additionally, even when the storage system is maintained in a secured environment, third-party vendors may be required to access components of the system when replacing failed hardware components. As the failed components may often contain unsecured data, the disposal of a failed component becomes a costly commercial issue: the failed component may not provide a way to logically delete the data, and therefore the component has to be physically destroyed.
The use of cryptographic methods allows the data to be scrambled using a key that is known only to authorized users. The authorized user uses the key with a decryption method to descramble data that has previously been encrypted. Once the storage system utilizes cryptographic methods, all the data within any component of the storage system is scrambled and is not retrievable without the appropriate key.
Many encryption systems for storage systems over-simplify the problem space to the extent that they provide either inadequate protection or no protection under many circumstances. Other systems require complex interactions, often involving the user in choices they are sometimes ill-equipped to make correctly. This lends itself to misuse, leading to security compromises, or simply to the data protection systems being disabled by the user. Complexity within the cryptographic methods used in storage systems also means that verifying that the system is operating as desired is itself complex, which leads to operational issues.