There are three different states of data: data at rest, data in transit and data in use. In each of these states, data is in different locations and different forms — and thus, it requires different strategies to keep secure. Because data is such a valuable target for cyberattackers focused on business victims, organizations need to understand how to protect data in every state. This guide should help business leaders make better data protection decisions now and into the future.
Protecting Data at Rest
Data is at rest when it is in storage and not actively being accessed. File servers, databases, flash drives and hard disks are all locations where data may be at rest. Idle data presents numerous challenges to those interested in maintaining security. Data at rest is often stored in many different types of media and equipment; it might even be physically scattered. Often, IT staff have little control over the protection of data stored in the cloud, and many industries are impacted by data protection regulations.
Fortunately, data at rest typically enjoys the highest level of security of data in any state. Generally, security of data at rest is achieved through encryption, which makes the data unusable to any unauthorized viewer. Still, businesses may employ many levels of encryption to thwart attack as best they can, including:
Full disk encryption, which encrypts devices that may store and use data.
File-level encryption, which allows individual files of data to benefit from encryption, even during transit.
Database encryption, which encrypts data stored in a particular database.
In addition to encryption, businesses might protect data at rest with tools and strategies for better management of data and devices. Mobile device management solutions help to limit access to certain corporate applications, and data leak prevention tools help to find and eliminate sensitive data in the midst of a data breach. Along with proper encryption, these solutions could keep data fully safe while at rest.
Protecting Data in Transit
Data is often moving, as those who collect and store data often share it with those who need to use it. Data might be in transit through emails, collaborative work applications, social media messaging, web portals or any type of private or public communication channels. Data might also be in transit if an organization is migrating its data from one storage solution to another.
As with data at rest, data in transit faces challenges associated with diversity: There is essentially an infinite number of means and channels of communication through which data might travel. Thus, businesses need to find solutions that keep data in transit safe, regardless of how it moves. Unfortunately, even if data is kept secure during transit, businesses cannot always be certain how it will be secured once it is received, which means they must accept a loss of control of data protection when data is sent to a recipient outside the company.
There are a few ways that businesses can do their best to protect data in transit. Because email is such a significant means of communication, employing email encryption is one of the simplest and most effective ways to keep data in transit safe. Businesses might also take advantage of a managed file transfer (MFT) system, in which data is transferred through a secure platform. While migrating data to the cloud, businesses should take advantage of dedicated cloud migration security solutions, which can continue to offer protections as data moves back and forth in hybrid environments. Though businesses do need to recognize that data in transit will always be most vulnerable to attack, certain solutions can make the prospect of moving data more secure.
Protecting Data in Use
Data is considered in use when it is opened by an application or accessed in any other way by one or more users. Data might be in use for many reasons: to view it, analyze it or change it. Regardless, data in use is perhaps the most vulnerable of data in any state because to be used, data often must shed all of its protections. It must be accessible, it must be decrypted and it must be open in an application.
The key to protecting data in use is setting up defenses that prevent unauthorized data use. Tools that control access to data are essential, as they limit the number of users who have the ability to dismantle protections. Identity management tools are key, as they help business systems understand and verify the identity of users before they release sensitive information. Businesses might also invest in platforms that limit how users can interact with data. For example, some applications prevent users from downloading data, and others impose dynamic watermarks that make it difficult or impossible to copy data using image capture tools.
Data is a valuable target for cyberattack, so any users with data need to take precautions to protect it in every state. With greater knowledge of the challenges of securing data in different states, business leaders can make better security decisions and keep their data safe.