[ Thanks to Amy Newman for this link.
]
“As crazy as it seems, people have told me there is no need for
storage security; all that is needed is network and OS security,
and securing the file system and data path is not important. Their
argument is that storage security is far too hard to manage. Of
course, I ask what they mean and I do not seem to get a straight
answer very often. What I think people are concerned about is the
complexity of key management for disk drives, but this is only one
aspect of storage security. Disk encryption allows the easy
destruction of a disk once it has been removed from a system. Disk
encryption does not prevent anyone getting into the system from
accessing data from your system, as the encryption is done by disk
drive when written and it is decrypted when read. The argument that
the OS and network, including user passwords, is all the security
that is needed is a flawed argument in my opinion.”