System and method for protecting data systems such as file systems, volume
managers, databases, and backup systems. In embodiments, rather than
encrypting the data of a data system, one or more elements or levels of
metadata may be encrypted. Some embodiments may encrypt metadata that is
not accessed frequently to minimize the cost of encryption and
decryption. Alternatively, instead of encrypting all of the metadata, only
a portion of it, such as a header block, may be encrypted. The
encrypted metadata may be stored in the data system. At startup of the
data system, the encrypted metadata may be decrypted and an unencrypted
copy of the metadata may be cached in memory for use by the data system
software. If the decrypted metadata is modified, then the encrypted
metadata may be replaced with an encrypted version of the modified
metadata. Format(s) of the metadata that is encrypted may be copyrighted.
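
The lifecycle described above (encrypted header block stored with the data, decrypted once at startup and cached, re-encrypted when the metadata changes) is sketched below as an added example; it is not code from the patent. The image layout, the JSON file table, the sizes, and the names `format_volume` and `Volume` are assumptions made for illustration, and the cipher is a standard-library stand-in for a real AEAD.

```python
import hashlib, hmac, json, os

NONCE, TAG, HDR_PLAIN = 16, 32, 256          # sizes are assumptions
HDR_SEALED = NONCE + HDR_PLAIN + TAG

def _seal(key, plain):
    # Stand-in for an AEAD such as AES-GCM (the stdlib has none):
    # SHAKE-256 keystream, then HMAC-SHA256 over nonce and ciphertext.
    nonce = os.urandom(NONCE)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(plain))
    ct = bytes(a ^ b for a, b in zip(plain, ks))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def _open(key, blob):
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("header block failed authentication")
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def _pack(table):
    raw = json.dumps(table).encode()
    if len(raw) > HDR_PLAIN:
        raise ValueError("metadata does not fit in the header block")
    return raw.ljust(HDR_PLAIN)

def format_volume(key, files):
    """Build an image: sealed header block followed by unencrypted data."""
    data, table = b"", {}
    for name, body in files.items():
        table[name] = [len(data), len(body)]
        data += body
    return bytearray(_seal(key, _pack(table)) + data)

class Volume:
    def __init__(self, image, key):
        self.image, self.key = image, key
        # Startup: decrypt once and cache the plaintext metadata in memory.
        self.table = json.loads(_open(key, bytes(image[:HDR_SEALED])))

    def read(self, name):
        off, size = self.table[name]            # lookup uses the cached copy
        return bytes(self.image[HDR_SEALED + off:HDR_SEALED + off + size])

    def rename(self, old, new):
        self.table[new] = self.table.pop(old)   # metadata modified in memory
        # Replace the stored header with a sealed copy of the new metadata.
        self.image[:HDR_SEALED] = _seal(self.key, _pack(self.table))
```

The data region stays in plaintext, so an implementation following this approach hides the layout and names but not the content bytes themselves.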