When talking to IT professionals about encryption, I often notice a lack of understanding about information security. It often comes as
a surprise that encryption inside of a disk storage system only protects data when someone steals the disk drives out of the system and removes them from the data center.
The main motivation for IT to encrypt data is to meet regulatory requirements. Information such as protected healthcare data (think of patient medical records) must be encrypted because of laws or internal policies. This leads to using storage systems that encrypt the data on the devices in case someone steals the disks and has the skills and perseverance to put the data back together from the different pieces in a RAID group and storage pool.
