By Mr. Filip Cotfas, Channel Manager, CoSoSys
Protecting sensitive data such as personally identifiable information (PII), intellectual property, or healthcare data, has become a requirement for most businesses collecting and processing these types of data. To preserve the competitive advantage, companies must protect their sensitive information from both malicious outsiders and careless insiders.
Depending on its movements, data can be found in three states: data at rest, data in use, and data in motion. Data at rest refers to all data stored on devices that are not transferred from device to device or network to network. It includes data stored locally on computer hard drives, archived in databases, file systems, and storage infrastructure. Data in use is data that is currently being updated, processed, erased, accessed, or read by a system and is stored within IT infrastructures such as RAM, databases, or CPUs. This type of data is not being passively stored but is very much active.
Data in motion, or data in transit, on the other hand, is data moving from one location to another, whether it’s between computers, virtual machines, from an endpoint to cloud storage, or through a private or public network. Once it arrives at its destination, data in motion becomes data at rest.
The Vulnerabilities of Data in Motion vs Data at Rest
In today’s digitized work environments, data is constantly in motion. Employees transfer data on a daily basis through email, virtual coworking spaces or messaging applications. The solutions they use can be company-approved collaboration tools, but they can also be shadow IT, personal services used by individuals in their work without the knowledge of their employers.
As such, data is considered less secure while in motion. Not only is it exposed to transfer via potentially insecure channels, but it also leaves the security of company networks, venturing to potentially less secure destinations and is vulnerable to Man-in-the-Middle (MITM) cyberattacks that target data as it travels.
Because it is not transferred over the internet, data at rest is considered less vulnerable than data in motion as it remains within the confines of company networks and their security framework. However, data at rest is often more attractive to cybercriminals as it guarantees a bigger payday than smaller data packets in transit. Data at rest is also often the target of malicious insiders looking to damage a company’s reputation or steal data before moving on to a new place of employment.
Although data at rest is not transferred over the internet, it doesn’t mean it does not travel. During the COVID-19 pandemic, as more and more work computers were taken out of the security of office spaces into the limited security capabilities of home environments, data at rest was put in a particularly vulnerable position.
Both data at rest and in motion face the risk of employee negligence. Whether data is stored locally or is transferred over the internet, a moment of employee careless can leave data open to a data breach or leak.
How to Protect Data in Motion vs Data at Rest
As shown above, data at rest and data in motion each come with their unique set of challenges when it comes to its security. While data in motion is unavoidable, many companies have tried to reduce the accumulation of data at rest by implementing Virtual Desktop Infrastructures (VDIs) and Desktop-as-a-Service (DaaS) platforms to limit the local storage of sensitive company data. However, these solutions come with their own data security concerns.
Basic cybersecurity measures such as firewalls and antivirus software are necessary to protect data at rest from outsider attacks. Data Loss Prevention (DLP) solutions are a popular tool for the protection of data both in motion and at rest from insider threats. Using policies that define what sensitive information means to a company, DLP software monitors and controls the transfer and storage of sensitive data.
Using content inspection and contextual scanning, DLP tools can search for sensitive data in hundreds of file types in real-time, whether it is in transit or stored locally on employees’ computers. Based on search results, controls can be put into place to limit or block transfers as needed or delete or encrypt data at rest when it is identified in unauthorized locations.
Encryption is another common solution used to secure data both at rest and in motion. Encrypting hard drives using operating systems’ native data encryption solutions, companies can ensure that, if a device lands in the wrong hands, no one can access the data on the hard drive without an encryption key.
Some DLP solutions also offer the possibility of enforcing the encryption of any files transferred onto USB flash drives. In this way, should a USB be lost or stolen, no one can access the data on it. For data in motion, encrypting data prior to transport or encrypted tunnels such as Virtual Private Networks (VPNs) can help protect permitted sensitive data transfers.
While data in motion and data at rest have different vulnerabilities and attack vectors, there are many software solutions that can help protect both. Firewalls, antivirus software, DLP solutions, and encryption all contribute to the protection of data in motion and at rest.