Data encryption has been one of the most widely adopted and effective data security methods used by organizations to protect sensitive data. In this post, we explore how data encryption technology protects data in three states across the data lifecycle: 1) data in use, 2) data in motion and 3) data at rest.
We’ll begin by addressing the most recent advance in data encryption: In-Use Encryption.
In-use encryption is a data security breakthrough that addresses a vulnerability in traditional encryption technology – the inability to keep data encrypted while data is in use. Traditional encryption protects data only when data is at rest (disk encryption) or in transit via secure communication methods such as SSL and TLS. These shortfalls leave companies with significant vulnerabilities when the data is in use by on-premises or cloud applications.
In-use encryption changes the game by enabling organizations to use data securely in its encrypted state, opening a wide range of possibilities for businesses looking to gain more value from their data.
In-use encryption takes a holistic approach to data security by protecting data throughout the entire data lifecycle – by securing the data itself, not just the application, database, or network in which it resides. It ensures that sensitive data is encrypted, even when in use by applications, and provides decrypted data for authorized queries from application users.
For more on in-use encryption, here’s a white paper that takes a deep dive into in-use encryption technology.
Encryption in Motion
Data in motion, or data in transit, is data actively moving from one location to another, such as across the internet, between devices or through a private network. Data encryption in motion is the protection of this data as it travels between these locations. Data is at greater risk when it is in motion because it must be decrypted prior to transfer and because the transfer process itself has vulnerabilities.
Data in motion encryption ensures that even if the data is intercepted, its privacy is secure. For protecting data in transit, enterprises often choose to encrypt sensitive data prior to moving it and/or use encrypted connections, such as HTTPS, SSL, TLS or FTPS, to protect the contents of data in motion.
Encryption at Rest
When data resides on a device and is not actively being used or transferred, it is referred to as data at rest. Data at rest is often less vulnerable than data in motion because of the device’s security features that can restrict access, but it is still not completely secure.
By encrypting data at rest, organizations can reduce the potential for data theft by increasing the time it takes for data thieves to access information, giving organizations the time they need to discover data loss or ransomware attacks. For protecting data at rest, organizations can simply encrypt sensitive files prior to storing them and/or encrypt the storage drive itself.
Attackers will attempt to access valuable data whether the data is in motion, at rest, or actively in use, depending on which state is easiest to breach. This is why a proactive approach to protecting sensitive data throughout the data lifecycle is the safest and most effective way to protect your most sensitive data in every state.