The three states of data are a way to categorize structured and unstructured data.
The three data states are data at rest, data in motion, and data in use. Data can change state quickly and frequently, or it can remain in a single state for the entire life cycle of a computer.
Understanding the characteristics and differences between data states can help organizations handle sensitive information more securely.
In the past, data center administrators spent much of their time managing data at rest, especially in market segments that have large compliance loads. As companies now rely on real-time analytics, more emphasis has been placed on managing the data in use.
Data at Rest
Data at rest is a term used by computer professionals to describe all the structured and unstructured data stored on the computer that is not currently being accessed or transferred.
Data at rest is not a fixed state, although some data may remain in archived or reference files, where it is rarely or never accessed or moved.
Examples of data at rest might include vital corporate files stored on an employee’s computer hard drive, files on an external hard drive, data left on a storage area network (SAN), or files on the servers of an off-site backup service provider.
Data at rest is considered stable compared to data in the other states. It is not moving between systems or devices and is not being processed by a CPU.
Companies, government agencies, and other institutions take precautions to prevent threats posed by hackers to data at rest, including data encryption, hierarchical password protection, secure server rooms, and external data protection services.
In addition, multi-factor authentication and strict data security protocols for employees help protect information at rest. For some types of data, such as medical records, specific security measures are required by law.
Data in Motion
Data in motion is structured and unstructured data that is moving or being transferred between locations within or between computer systems. It can also refer to data that is in the RAM of a computer and is ready to be updated, processed, accessed and read.
Moving data between cloud storage and a local file storage point, or from one network to another, also counts as data in motion.
Data in motion may be moving within a computer system, over a wireless connection, or along a wired connection. Also, files dragged from one folder to another, within an FTP site or emails, are considered to be data in motion.
Like data in other common states, data in motion must be encrypted to protect it from interception by hackers. Common forms of encryption for data in motion include encrypting the data before it is transmitted (while in a resting state) or encrypting the channel over which it is sent.
Data in Use
Data in use is structured and unstructured data that is being maintained, processed, accessed, and read by a system. Since the data in use can be directly accessed by one or more users, this is the state when the data is most vulnerable to attack and when encryption is most essential.
In addition to encryption, some important ways to protect the data in use include user authentication at all stages, strong identity management, and well-maintained permissions for profiles within an organization.
In addition to digital forms of protection, it is common for organizations to have their employees sign non-disclosure agreements about the protection of the data they have access to.
The role of cryptography in protecting information
Data can be exposed to risks in transit and at rest and requires protection in both states. As such, there are several different approaches to protecting data in transit and at rest.
Encryption plays an important role in data protection and is a popular tool for securing data in transit and at rest. To protect data in transit, companies often choose to encrypt sensitive data before moving it and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the content of data in transit.
To protect data at rest, companies can simply encrypt sensitive files before storing them and/or choose to encrypt the storage unit itself.
Best practices for data protection in transit and at rest
Unprotected data, whether in transit or at rest, leaves companies vulnerable to attack, but effective security measures exist that provide robust data protection across endpoints and networks to protect data in both states.
As mentioned above, one of the most effective data protection methods for data in transit and data at rest is data encryption.
In addition to encryption, recommended practices for robust data protection for data in transit and at rest include:
1. Implement robust network security controls to help protect
Network security solutions, such as firewalls and network access control, will help protect the networks used to transmit data from attacks and malware intrusions.
2. Don’t rely on reactive security to protect your company’s valuable information
Instead, use proactive security measures that identify data at risk and implement effective data protection for data in transit and at rest.
3. Choose structured and unstructured data protection solutions
With policies that allow users to request, block, or encrypt sensitive data in transit, you can increase the protection of this information. These policies are especially useful when files are attached to an e-mail message, moved to cloud storage, removable drives, or transferred elsewhere.
4. Create policies to systematically categorize and classify all company information
Do this no matter where the information resides, in order to ensure that appropriate data protection measures are in place while the data remains at rest and are triggered when data classified as at risk is accessed, used or transferred.
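Practices 3 and 4 combine into a classify-then-decide check that runs when content is about to leave rest. The sketch below is an added example, not the article's or any vendor's code; the policy table, labels, markers and function names are assumptions, and the sample content is constructed.

```python
import re

# Hypothetical policy (an assumption): (classification, destination) -> action.
# "request" is read here as: ask the user to confirm before the transfer.
POLICY = {
    ("restricted", "email"): "encrypt",
    ("restricted", "cloud_storage"): "encrypt",
    ("restricted", "removable_drive"): "block",
    ("internal", "removable_drive"): "request",
}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
INTERNAL_MARKERS = ("confidential", "internal use only")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def classify(text: str) -> str:
    """Return 'restricted', 'internal' or 'public' for a piece of content."""
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            return "restricted"
    if any(marker in text.lower() for marker in INTERNAL_MARKERS):
        return "internal"
    return "public"


def decide(text: str, destination: str) -> str:
    """Action when content moves to a destination; unlisted pairs are allowed."""
    return POLICY.get((classify(text), destination), "allow")


# Constructed samples; 4111 1111 1111 1111 is a widely used test card number.
SAMPLES = [
    ("Invoice paid with card 4111 1111 1111 1111", "email"),
    ("Order reference 1234 5678 9012 3456", "email"),
    ("Confidential: Q3 roadmap draft", "removable_drive"),
]

if __name__ == "__main__":
    for text, dest in SAMPLES:
        print(f"{dest:16} {classify(text):10} {decide(text, dest)}")
```

The Luhn check keeps the second sample, a 16-digit order reference, from being treated as card data, which is the kind of false positive that pushes users to work around such policies.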
Finally, if you use a public, private or hybrid cloud provider to store data or applications, carefully evaluate cloud providers based on the security measures they offer, but don’t rely on the cloud service to protect your data. Who has access to your data, how it is encrypted, and how often your data is backed up are all questions you need to ask.
Although data in transit and at rest may have slightly different risk profiles, the inherent risk depends primarily on the sensitivity and value of the data.
Attackers generally try to gain access to valuable data by seeking to exploit the most vulnerable state, regardless of whether the data is in motion, at rest, or in active use.
A proactive approach, including data classification and categorization, along with context-sensitive security protocols, is the safest and most effective way to protect sensitive data.
Get to know EVAL’s CipherTrust solution
Eval’s CipherTrust Data Security Platform solution combines discovery and classification of sensitive data with comprehensive data protection and key management. With this platform, you can perform these activities across on-premises, cloud, and hybrid deployments of an enterprise.
The market-leading enterprise key management platform enables organizations to centrally manage encryption keys. With it, you can provide granular access control and configure security policies to ensure the protection of information.
EVAL’s CipherTrust Data Security Platform solution manages key lifecycle tasks such as generation, rotation, import, and export. In addition, it offers role-based access control for keys and policies, supports robust auditing and reporting, and provides a REST API.
These devices can be deployed on-premises in physical or virtual infrastructures, as well as in public cloud environments. In this way, you can effectively meet compliance requirements, regulatory requirements, and industry best practices for data security.
With a unified management console, you can define policies, discover and classify data to protect sensitive information wherever it resides. All this can be done using an integrated set of Thales data protection connectors.
EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.