Home > Storage > ObjectScale and ECS > Product Documentation > Dell ECS: Data at Rest Encryption > Data at Rest Encryption
Data at Rest Encryption (D@RE) is simple, low-touch server-side encryption. It supports enterprises and service providers seeking to protect sensitive data on storage media. It encrypts data inline before storing it on ECS disks or drives. This encryption helps prevent sensitive data from being acquired from discarded or stolen media. It is a required feature in financial and healthcare use cases needing regulatory compliance.
Note:
The ECS D@RE implementation encrypts all customer data. The data that resides on the storage system includes any user metadata (applicable to S3 and Swift users) associated with objects. System metadata such as timestamps, object location information, access control lists, object, and bucket names are not in the scope of data-at-rest encryption. Names of objects and buckets are excluded from D@RE because their encryption impacts indexing of the data.
ECS software distribution is available in two forms: one with D@RE and one without. Dell Technologies recommends that all users have the ECS software with D@RE except where D@RE is not lawful. For customers who should have access to D@RE, the ECS license file includes D@RE. When this license is applied to the appropriate ECS software distribution, the feature is initialized and available.
Note: Some countries (China and Russia) do not permit software with strong encryption. For those countries, ECS is packaged without D@RE.