Class 07: Read Protecting Data at Rest with Device Encryption - VascoLucas01/cybersecurity-reading-notes GitHub Wiki
Introduction
In this Read, Protecting Data at Rest with Device Encryption, I decided to summarize and follow an article on this topic that was provided to me, which can be found here.
Definition of Data In Transit vs. Data At Rest
The text defines and explains the two states that data can be in, each of which needs its own protection:
- Data in transit
- Data at rest
Data in transit refers to data that is actively moving from one location to another, such as across the Internet or through a private network. Data protection in transit involves securing this data while it's traveling, whether between networks or being transferred from a local storage device to a cloud storage device. This protection is critical because data is often considered less secure while in motion.
On the other hand, data at rest is data that is not actively moving from device to device or network to network, such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. Although data at rest is sometimes considered less vulnerable than data in transit, attackers often find it a more valuable target. The risk profile for data in transit or data at rest depends on the security measures in place to secure data in either state.
The Role of Encryption In Data Protection In Transit and At Rest
The text explains that data can be at risk in both in transit and at rest, and therefore requires protection in both states. Various methods exist for safeguarding data in transit and at rest, with encryption being a widely used tool for securing data in both conditions.
To protect data in transit, organizations often choose to encrypt sensitive data before transferring it and/or use encrypted connections such as HTTPS, SSL, TLS, or FTPS to ensure the security of the data while in transit.
To protect data at rest, organizations can encrypt sensitive files before storing them and/or encrypt the storage drive itself. These encryption measures are essential for safeguarding sensitive data and protecting it against attackers who are continuously developing innovative ways to compromise systems and steal data.
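As an added example (not code from the article or this wiki), the file-level form of at-rest encryption described above, written in Go with only the standard library's AES-256-GCM: the file name is bound as associated data, and the authentication tag means a modified, renamed or mis-keyed blob is rejected instead of being decrypted to garbage. The key generation and the sample record are constructed for the demonstration; a real deployment would obtain the key from a KMS, TPM or a key-derivation function and keep it separate from the stored data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // AES-256 when key is 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFile encrypts a file for storage: random nonce prepended, file name bound as AAD.
func SealFile(key []byte, name string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh per file, never reused with this key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// OpenFile reverses SealFile; a wrong key, altered blob or wrong name fails the tag check.
func OpenFile(key []byte, name string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("blob too short to contain a nonce")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(name)) // tag failure returns an error
}

func main() {
	key := make([]byte, 32) // constructed key; real keys come from a KMS, TPM or KDF
	io.ReadFull(rand.Reader, key)
	blob, _ := SealFile(key, "payroll.csv", []byte("constructed sample record"))
	fmt.Println(OpenFile(key, "payroll.csv", blob))
}
```

The stored blob is nonce plus ciphertext plus tag, so it is safe to keep on the disk or in the cloud bucket; only the key needs to stay out of reach of whoever might copy the storage.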
Best Practices for Data Protection In Transit and At Rest
The text discusses the importance of data protection measures for data in transit and data at rest. It emphasizes that unprotected data can leave organizations vulnerable to attacks, but there are effective security measures that offer robust data protection across endpoints and networks for data in both states. Data encryption is highlighted as one of the most effective methods for protecting data. Other best practices for data protection include:
- Implement robust network security controls such as firewalls and network access control
- Use proactive security measures
- Choose data protection solutions with policies for prompting, blocking, or automatic encryption
- Categorize and classify all company data
- Evaluate cloud vendors based on the security measures they offer
The text stresses that attackers will attempt to gain access to valuable data in any state, and therefore, a proactive approach is necessary to protect sensitive data through content, user, and context-aware security protocols.
Questions
1. From your day to day computer use, provide examples of when data is at rest and when it is in transit.
Examples of data at rest:
- Hard drive
- Laptop
- Flash drive
Examples of data in transit:
- Sending an email
- Transferring files
- Bank transfers
2. Explain the role of data encryption with regard to the CIA triad.
Data encryption plays a crucial role in the confidentiality aspect of the CIA triad.
Encryption ensures that sensitive data remains confidential by converting it into an unreadable format that can only be decrypted by authorized parties with the appropriate encryption key. This helps to protect the data from unauthorized access or interception by third parties, thereby maintaining its confidentiality.