Securing Data at Rest vs Data in Transit

Securing Data at Rest vs Data in Transit   

Sensitive data can include any kind of data that needs to be secured, including personally identifiable information or payment data. It is important to protect sensitive data in all its states. Data is vulnerable both when it is in transit and when it is at rest. Examining the different states your data goes through helps ensure that your sensitive data is protected through every step of the process.  

  

What is Data at Rest?  

Data at rest is data that is being stored, as opposed to data that is being transferred to be used. Data can be stored in many different places, and usually its "resting" place depends on the kind of data it is and its needed level of security. An everyday example of data at rest would be files stored on a computer or data stored in a hard drive.  

Certain kinds of data need to be stored with additional levels of security in storage infrastructure build to secure sensitive data. For particularly sensitive data, like cardholder information or personally identifiable information, additional levels of security are required. For example, payment card data needs to be stored with extra security measures to remain PCI DSS (Payment Card Industry Data Security Standard) compliant.   

  

What is Data in Transit?  

Data in transit, also known as data in motion, is data that is being actively transferred between different locations. Data in transit can be transferred in many ways, although certain methods of transfer are more secure than others. An everyday example of data in transit would be information sent through email or text, or data being accessed through a cloud service. Once the transfer is complete, data in transit then becomes data at rest.  

While you may not send top secret information through email or text every day, sensitive data is often in transit in ways we don’t even think about. For example, cardholder data is constantly in transit. Every time a card is swiped in store, or entered online, cardholder data is sent to both the customer’s issuing bank and the merchant’s acquiring bank to complete the transaction.  

    

How to Secure Data in Transit and Data at Rest  

Whether data is at rest, or in transit, it needs to be properly secured. Take the following security measures to ensure your data is safe in all its forms:  

  

Identify Sensitive Data  

Identifying where sensitive data is stored and used in your company, and monitoring safety protocols surrounding it’s use and storage. Limit access to sensitive data on a need-to-know basis and institute secure password practices for all devices or accounts that access sensitive data.  

  

Utilize Firewalls and Antivirus Software  

Network security solutions, like firewalls, can protect information data in transit as it is transmitted within the network. Keeping hackers and malware attacks out ensures that sensitive data doesn’t fall into the wrong hands.  

  

Audit Cloud Programs  

Keep track of security measures utilized by any cloud service providers. Accessing data in the cloud is a process that uses data in both states. Data is stored as data at rest but is converted into data in transit when it is accessed online. Data in the cloud is consistently in a vulnerable state and cloud service providers should be vetted to ensure they have adequate security measures in place.   

  

Encrypt or Tokenize Sensitive Data  

Encrypting or tokenizing sensitive data is the ultimate protection if it falls into the wrong hands. Encryption and tokenization work best for different use cases. Encryption is best for unstructured sensitive data files, like documents, emails, or recordings. If unauthorized access occurs, encrypted data will be kept safe, if the encryption key is securely stored away from the encrypted data.  

Tokenization is best for structured data, like payment card information or social security numbers, that are needed for internal use. Tokens replace sensitive data in such a way as to maintain the data’s utility, while the truly sensitive data is stored elsewhere. Tokenization cannot be reversed, meaning stolen tokens are worthless to thieves. Figure out which kind of protection is best for the kind of data you have, and ensure your data remains secure if it is accessed by an unauthorized party.   

  

Both data at rest and data in transit are vulnerable to bad actors looking to steal sensitive data. Even if you have fantastic data storage, your data could be compromised when it’s being transferred. Similarly, an airtight transit process is worthless if the data is being transferred to an unsecured location. Bad actors will try to access your valuable data whenever it's at its most vulnerable.  

Interested in how tokenization can secure your data both at rest and in transit?

  Learn More 

Topic(s): data security