Most often, the word “encryption” brings to mind decryption keys and complex processes that create friction for end users trying to access data.
Because of the friction these processes create, it’s common for businesses to use alternate forms of encryption, such as disk encryption, to meet business or compliance requirements. Disk encryption protects information stored on a disk drive (such as an external hard drive, a laptop, or even enterprise storage) by preventing the drive from being accessed without the proper password or authentication credentials.
While it is an effective way to protect data, disk encryption alone is simply not enough. In the past, encryption would often be too heavy or resource intensive to perform at the extremely high volumes handled by high-transaction-volume organizations such as health insurers, card processors, or healthcare clearinghouses. In these cases, the volume of transactions and their low-latency requirements were so at odds that using data-level encryption was just not a great option. Encrypting a disk, storage area network, or network-attached storage is a great security control in those environments, but it’s no longer good enough to be the only encryption solution in play.
Often, encryption and decryption mechanisms are tied to role-based access controls through an organization’s authentication, authorization, and accounting service (such as Active Directory). Only permitted roles have access to the data store and the decrypted data.