Data Protection: Data In Transit vs. Data At Rest
Learn about approaches to data protection for data in transit vs. data at rest in Data Protection 101, our series on the fundamentals of data security.
Definition of Data In Transit vs. Data At Rest
Data in transit, or data in motion, is data actively moving from one location to another, such as across the internet or through a private network. Data protection in transit is the protection of this data while it’s traveling from network to network or being transferred from a local storage device to a cloud storage device. Wherever data is moving, effective data protection measures for in-transit data are critical, as data is often considered less secure while in motion.
Data at rest is data that is not actively moving from device to device or network to network, such as data stored on a hard drive, laptop, or flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion. The risk profile for data in transit or data at rest depends on the security measures that are in place to secure data in either state.
Protecting sensitive data both in transit and at rest is imperative for modern enterprises as attackers find increasingly innovative ways to compromise systems and steal data.
The Role of Encryption In Data Protection In Transit and At Rest
Data can be exposed to risks both in transit and at rest and requires protection in both states. As such, there are several approaches to protecting data in transit and at rest. Encryption plays a major role in data protection and is a popular tool for securing data both in transit and at rest. For protecting data in transit, enterprises often choose to encrypt sensitive data prior to moving it and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the contents of data in transit. For protecting data at rest, enterprises can simply encrypt sensitive files prior to storing them and/or choose to encrypt the storage drive itself.
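As an added illustration of the two halves of that paragraph (this is example code, not code from the original article), the Go program below seals a record with AES-256-GCM before it would be written to storage, which is the "encrypt files prior to storing them" option, and builds a TLS client configuration for the "encrypted connections" option. The record contents and the in-memory key are constructed for the example; in a real deployment the key would come from a key management service rather than living beside the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/tls"
	"errors"
	"fmt"
	"io"
)

// newGCM builds an AES-256-GCM AEAD from a 32-byte key. GCM provides both
// confidentiality and integrity, so a modified blob fails to decrypt.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewKey returns a fresh random 256-bit key. Here it lives in memory only;
// in practice it belongs in a KMS or HSM, never stored next to the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptAtRest produces the blob that would be written to disk or object
// storage: nonce || ciphertext || GCM tag. A fresh random nonce per record
// is required; reusing a nonce under the same key breaks GCM's guarantees.
func EncryptAtRest(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce prefix.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptAtRest reverses EncryptAtRest. Any change to the stored blob,
// even a single flipped bit, makes Open return an error instead of garbage.
func DecryptAtRest(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// InTransitClientConfig is the in-transit side: a client configuration that
// refuses protocol versions below TLS 1.2 and keeps certificate verification
// on (InsecureSkipVerify stays at its false default), so the connection is
// both encrypted and authenticated. Pass it to tls.Dial or an http.Transport.
func InTransitClientConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; nothing here comes from a real system.
	record := []byte("employee_id=1042;dept=finance;salary=redacted")
	blob, err := EncryptAtRest(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob is %d bytes for a %d-byte record\n", len(blob), len(record))
	plain, err := DecryptAtRest(key, blob)
	fmt.Println("round trip ok:", err == nil && string(plain) == string(record))
	blob[len(blob)-1] ^= 0x01 // corrupt the stored copy by one bit
	_, err = DecryptAtRest(key, blob)
	fmt.Println("tampering detected:", err != nil)
	fmt.Println("TLS floor is 1.2:", InTransitClientConfig().MinVersion == tls.VersionTLS12)
}
```

The at-rest half uses an authenticated mode deliberately: plain encryption hides the contents, but only the GCM tag tells you the stored copy has not been altered since it was written.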
Best Practices for Data Protection In Transit and At Rest
Unprotected data, whether in transit or at rest, leaves enterprises vulnerable to attack, but there are effective security measures that offer robust data protection across endpoints and networks to protect data in both states. As mentioned above, one of the most effective data protection methods for both data in transit and data at rest is data encryption.
In addition to encryption, best practices for robust data protection for data in transit and data at rest include:
- Implement robust network security controls to help protect data in transit. Network security solutions like firewalls and network access control will help secure the networks used to transmit data against malware attacks or intrusions.
- Don’t rely on reactive security to protect your valuable company data. Instead, use proactive security measures that identify at-risk data and implement effective data protection for data in transit and at rest.
- Choose data protection solutions with policies that enable user prompting, blocking, or automatic encryption for sensitive data in transit, such as when files are attached to an email message, moved to cloud storage or removable drives, or transferred elsewhere.
- Create policies for systematically categorizing and classifying all company data, no matter where it resides, in order to ensure that the appropriate data protection measures are applied while data remains at rest and triggered when data classified as at-risk is accessed, used, or transferred.
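The last two items together describe a policy engine: classify the content, then let the classification and the destination decide whether a transfer is allowed, prompted, encrypted, or blocked. The Go program below is an added example of that logic and is not code from the original article or from any product. The classification labels, the PII patterns, the channel names, and the policy table are all constructed assumptions for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Sensitivity is the classification assigned to a piece of data.
type Sensitivity int

const (
	Public Sensitivity = iota
	Internal
	Confidential
	Restricted
)

func (s Sensitivity) String() string {
	return [...]string{"Public", "Internal", "Confidential", "Restricted"}[s]
}

// Channel is where the data is about to go. ChannelLocal means it stays at rest.
type Channel string

const (
	ChannelLocal     Channel = "local"
	ChannelEmail     Channel = "email"
	ChannelCloud     Channel = "cloud"
	ChannelRemovable Channel = "removable"
)

// Action is the policy outcome for data of a given sensitivity on a channel.
type Action string

const (
	Allow   Action = "allow"
	Prompt  Action = "prompt"
	Encrypt Action = "encrypt"
	Block   Action = "block"
)

// Constructed patterns: an explicit label set by the data owner wins; otherwise
// PII-shaped content (US SSN or 16-digit card number) escalates the class.
var (
	labelPattern = regexp.MustCompile(`(?i)classification:\s*(public|internal|confidential|restricted)`)
	ssnPattern   = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
	cardPattern  = regexp.MustCompile(`\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b`)
)

// Classify assigns a sensitivity to content. Unlabelled data defaults to
// Internal, not Public, so a missing label never downgrades protection.
func Classify(content string) Sensitivity {
	if m := labelPattern.FindStringSubmatch(content); m != nil {
		switch strings.ToLower(m[1]) {
		case "public":
			return Public
		case "internal":
			return Internal
		case "confidential":
			return Confidential
		case "restricted":
			return Restricted
		}
	}
	if ssnPattern.MatchString(content) || cardPattern.MatchString(content) {
		return Restricted
	}
	return Internal
}

// policy is the constructed table: sensitivity x channel -> action.
var policy = map[Sensitivity]map[Channel]Action{
	Public:       {ChannelEmail: Allow, ChannelCloud: Allow, ChannelRemovable: Allow},
	Internal:     {ChannelEmail: Allow, ChannelCloud: Allow, ChannelRemovable: Prompt},
	Confidential: {ChannelEmail: Encrypt, ChannelCloud: Encrypt, ChannelRemovable: Block},
	Restricted:   {ChannelEmail: Block, ChannelCloud: Encrypt, ChannelRemovable: Block},
}

// Decide returns the action for moving data of the given sensitivity over the
// channel. Data staying local is covered by at-rest controls (disk encryption),
// and an unknown channel fails closed.
func Decide(level Sensitivity, ch Channel) Action {
	if ch == ChannelLocal {
		return Allow
	}
	if a, ok := policy[level][ch]; ok {
		return a
	}
	return Block
}

func main() {
	// Constructed sample documents and the transfer each user attempted.
	samples := []struct {
		name, content string
		ch            Channel
	}{
		{"all-hands slides", "CLASSIFICATION: PUBLIC\nQ3 all-hands", ChannelEmail},
		{"payroll export", "emp,ssn\n1042,123-45-6789", ChannelRemovable},
		{"roadmap draft", "Classification: Confidential\n2025 roadmap", ChannelCloud},
		{"lunch menu", "Tuesday: tacos", ChannelRemovable},
	}
	for _, s := range samples {
		level := Classify(s.content)
		fmt.Printf("%-16s -> %-12s via %-9s => %s\n", s.name, level, s.ch, Decide(level, s.ch))
	}
}
```

The two defaults are the point of the design: unlabelled content is never treated as public, and a destination the table does not know about is blocked rather than allowed, so gaps in the policy fail toward protecting the data.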
Finally, if you use a public, private, or hybrid cloud provider for storing data or applications, carefully evaluate cloud vendors based on the security measures they offer – but don’t rely on the cloud service to secure your data. Who has access to your data, how it is encrypted, and how often it is backed up are all essential questions to ask.
While data in transit and data at rest may have slightly different risk profiles, the inherent risk hinges primarily on the sensitivity and value of your data; attackers will attempt to gain access to valuable data whether it’s in motion, at rest, or actively in use, depending on which state is easiest to breach. That’s why a proactive approach including classifying and categorizing data coupled with content, user, and context-aware security protocols is the safest and most effective way to protect your most sensitive data in every state.
Frequently Asked Questions
What is the difference between data at rest and data in transit?
The difference between data at rest and data in transit is simply whether the data is currently stationary or moving to a new location. Data at rest is safely stored on an internal or external storage device.
Data in transit, also known as data in motion, is data that is being transferred between locations over a private network or the Internet. The data is vulnerable while it is being transmitted. Data can be intercepted and compromised as it travels across the network where it is out of a user’s direct control. For this reason, data should be encrypted when in transit. Encryption makes the data unreadable if it falls into the hands of unauthorized users.
What is an example of data in transit?
An example of data in transit is information transferred between a remote user’s mobile device and a cloud-based application. If the data is transmitted in plaintext and not encrypted, it can be compromised by malicious actors. Valuable or sensitive in-transit data should always be encrypted.
Is data encrypted in transit and at rest?
Data may or may not be encrypted when it is in transit and at rest. Encryption is not a native characteristic of data in either an in-transit or at-rest state. Encryption protects data from unauthorized use and can be implemented on data in transit or at rest. Affording valuable data extra protection through encryption is always a good idea, whether it’s at rest or in transit. It is critically important to encrypt sensitive data in transit when it is potentially exposed to unknown entities.
What are some data at rest examples?
Data at rest is information that is currently not moving between two points and is safely stored on a computer or device. Examples of data at rest include:
- Spreadsheet files stored on your laptop’s hard drive
- Videos stored on your iPhone or Android device
- Employment records stored in corporate HR applications
- Sales information that is stored in company databases
As soon as a user attempts to transfer any of these items over the network, they become data in transit.