no doubt some Synology approaches are out of my understanding.
But, regarding the security stage, based on encryption you never be able to prepare single solution for all users. Then you have (as NAS vendor) these 2 basic choices only:
- for 80% of users (mass market driven Pareto principle) you will prepare feature for basic but strong Share folder encryption. No one from the target group has an understanding what exactly it does mean for them. Frequently the encryption is in relation with data lose (forgetfulness of people)
. Many times advanced users use this feature also. It's OK.
- rest of the 20% advanced users can use their own solutions when Synology is just storage provider, from XX+ characters length of Encryption Key/Passphrase by BitWarden (saved to different media), or by independent encryption e.g. BitLocker for LUN. But although stealing disk drives won’t grant access to encrypted data, if those encryption keys fall into the wrong hands, your data can still be compromised.
Why to spend such pointless effort from NAS vendor to satisfy (by an universal solution) every single paranoid person (me also) in our universe? There is no way and it's costly. Because every single new feature must be supported across target product portfolio. Then people will cry that this Xeon based NAS support it and this small low cost CPU not.
Yes, it is still out of advanced encryption solution based on e.g. controller-based encryption when any data type: block, file, or object can be encrypted. Because Synology is out of this kind of architecture.
Re encryption by Synology NAS
You need always count with same (already mentioned) important points:
- do you need exactly encryption for whole disk data? Even for public available movies or MP3, etc?
- or just for specific (tier) of sensitive data stored in specific shared folder/s?
Then where is the foundation of whole disk encryption for Synology? Even when your single disk contains just single Shared folder in usage.
Finally:
when you store such interesting data for costly quantum bruttforce usage, you have to think about change of your security architecture
or
location change for your NAS.
Down to earth or change a beer provider.
Cheers.