Encrypting in-transit / at-rest / in-use
Encryption At Rest
Data at rest is data that is not being actively used: it is not moving between devices or networks and is not interacting with third parties. It is stored in one location, such as hard drives, laptops, flash drives, or cloud storage. When data at rest is encrypted, whether by hardware-based devices or by software, it is protected from people trying to access it to steal personally identifiable information or other sensitive contents. While data is generally less vulnerable at rest than in transit, attackers often find data at rest more valuable than data in transit because it usually contains a higher proportion of sensitive information, which makes this data state crucial for encryption. One thing to note: many data breaches happen because of a lost USB drive or laptop – just because data is at rest doesn’t mean it won’t move.
Encryption In Transit
Data in transit is data that is actively moving between devices and networks, such as across the internet, within a company, or while being uploaded to the cloud; encryption in transit protects it during that movement. When you log on to your email, your password is sent to a third party for validation – this is an example of data in transit. Encrypting audit data sent from devices and configuration sent from servers helps protect it as it travels from one place to another.
Encryption In Use
When data is in use, the central processing unit of the hardware is doing something with the data, such as coding, viewing, or playing a file. Any time a program or file is being updated, erased, viewed, or generated, the data is considered in use. This is a difficult stage for encryption, since the implementation could crash or damage the application accessing the data, but protecting information in this state is just as critical: unencrypted data in use creates a huge risk of data breaches.
Best Practices for Data Protection In Transit and At Rest
Unprotected data, whether in transit or at rest, leaves enterprises vulnerable to attack, but there are effective security measures that offer robust data protection across endpoints and networks to protect data in both states. As mentioned above, one of the most effective data protection methods for both data in transit and data at rest is data encryption.
In addition to encryption, best practices for robust data protection for data in transit and data at rest include:
- Implement robust network security controls to help protect data in transit. Network security solutions like firewalls and network access control will help secure the networks used to transmit data against malware attacks or intrusions.
- Don’t rely on reactive security to protect your valuable company data. Instead, use proactive security measures that identify at-risk data and implement effective data protection for data in transit and at rest.
- Choose data protection solutions with policies that enable user prompting, blocking, or automatic encryption for sensitive data in transit, such as when files are attached to an email message, moved to cloud storage or removable drives, or transferred elsewhere.
- Create policies for systematically categorizing and classifying all company data, no matter where it resides, so that the appropriate data protection measures are applied while data remains at rest and are triggered when data classified as at-risk is accessed, used, or transferred.
Finally, if you utilize a public, private, or hybrid cloud provider for storing data or applications, carefully evaluate cloud vendors based on the security measures they offer – but don’t rely on the cloud service to secure your data. Who has access to your data, how it is encrypted, and how often it is backed up are all imperative questions to ask.