Home > Storage > ObjectScale and ECS > Product Documentation > Dell ECS: Data at Rest Encryption > Overview
Compliance requirements often mandate the use of encryption to protect data written on disks. In ECS encryption can be enabled at the namespace and bucket levels. To support D@RE, ECS maintains a hierarchy of encryption keys where a parent key in the hierarchy is used to protect a child key. Before ECS 3.3, ECS natively managed these keys across the geo-federated environment. Beginning with ECS 3.3, support for certain External Key Management solutions that are compliant with the Key Management Interoperability Protocol (KMIP) was added.