Data can exist in three states - in motion, at rest, and in use. Data at rest refers to inactive stored data, data in motion is actively being transmitted, and data in use is currently being accessed or processed. To secure data in all states, companies should implement network security, encrypt sensitive data, carefully classify all data based on risk level, and apply appropriate protection measures for data as it moves between states. Relying solely on reactive security or cloud providers puts data at greater risk.
2. Data at rest
• Data at rest is a term that refers to data stored on a
device or backup medium in any form
• It can be data stored on hard drives, backup tapes, in
offsite cloud backup, or even on mobile devices
• What makes it data at rest is that it is inactive data that
is not currently being transmitted across a network or
actively being read or processed
• Data at rest is typically in a stable state
• It is not traveling within the system or network, and it
is not being acted upon by any application or the CPU
3. Data at rest
• Data at rest is data that has reached a
destination (even if only temporarily)
• At this destination, there can be additional
layers of security added to it, such as
encryption, multi-factor authentication, and
both digital and physical access controls
• Data at rest should almost always be
encrypted
4. Data in motion
• Data in motion is data that is currently traveling across
a network or sitting in a computer’s RAM ready to be
read, updated, or processed
• Data crossing over networks from local to cloud
storage or from a central mainframe to a remote
terminal should be encrypted so that it cannot be read
or manipulated by any machine or hacker between the
data’s source and destination
• This data in motion includes data moving across
cables and wireless transmission
• It can be emails or files transferred over FTP or SSH.
5. Data in use
• Data in use is data that is not just being stored
passively on a hard drive or external storage
media
• This is data that is being processed by one or
more applications
• This is data currently in the process of being
generated, updated, appended, or erased
• It also includes data being viewed by users
accessing it through various endpoints
6. Data in use
• Data in use is susceptible to different kinds of
threats depending on where it is in the system
and who is able to use it
• The most vulnerable point for data in use is at
the endpoints where users are able to access
and interact with it
7. Data in use
• Protecting data in use is a challenging task since
there is such variety in the ways the data can be
accessed and manipulated
• One set of data can potentially have multiple
users working with it from multiple endpoints
• The large number of in-house systems, devices,
and employees accessing mainframe data from
personal devices means this data should be
protected through strong user authentication,
identity management, and profile permissions
8. Security measures for data
• Implement robust network security controls to
help protect data in transit
• Network security solutions like firewalls and
network access control will help secure the
networks used to transmit data against malware
attacks or intrusions
• Don’t rely on reactive security to protect your
valuable company data
• Instead, use proactive security measures that
identify at-risk data and implement effective data
protection for data in transit and at rest
9. Security measures for data
• Choose data protection solutions with policies
that enable user prompting, blocking, or
automatic encryption for sensitive data in transit
• Create policies for systematically categorizing and
classifying all company data, no matter where it
resides
• This is required to ensure that the appropriate
data protection measures are applied while data
remains at rest and triggered when data classified
as at-risk is accessed, used, or transferred
10. Security measures for data
• If you utilize a public, private, or hybrid cloud
provider for storing data or applications,
carefully evaluate cloud vendors based on the
security measures they offer – but don’t rely
on the cloud service to secure your data
• Who has access to your data, how it is
encrypted, and how often your data is backed
up are all imperative questions to ask
11. Security measures for data
• While data in transit and data at rest may have slightly
different risk profiles, the inherent risk hinges primarily
on the sensitivity and value of your data
• Attackers will attempt to gain access to valuable data
whether it’s in motion, at rest, or actively in use,
depending on which state is easiest to breach
• That’s why a proactive approach including classifying
and categorizing data coupled with content, user, and
context-aware security protocols is the safest and most
effective way to protect your most sensitive data in
every state
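
The classification and policy idea from slides 9 and 11, sketched as an added example that is not part of the original slides: content is classified first, then a content-, user- and context-aware rule picks one of the actions the slides name (prompt, block, encrypt). The labels `restricted`/`internal`/`public`, the `Event` fields and the rules themselves are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate payment card numbers

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text: str) -> str:
    """Content-aware step: label text 'restricted', 'internal' or 'public'."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "restricted"
    if re.search(r"\b(confidential|internal only)\b", text, re.I):
        return "internal"
    return "public"

@dataclass
class Event:
    state: str                   # "at_rest", "in_motion" or "in_use"
    user_cleared: bool           # user-aware: authorised for restricted data?
    encrypted: bool              # is the storage or channel already encrypted?
    managed_device: bool = True  # context-aware: company-controlled endpoint?

def decide(label: str, ev: Event) -> str:
    """Return 'allow', 'prompt', 'encrypt' or 'block' for a labelled item."""
    if label == "public":
        return "allow"
    if label == "restricted" and not ev.user_cleared:
        return "block"           # wrong user, whatever the state
    if ev.state in ("at_rest", "in_motion") and not ev.encrypted:
        return "encrypt"         # automatic encryption for stored or moving data
    if ev.state == "in_use" and not ev.managed_device:
        # endpoints are the weakest point for data in use (slide 6)
        return "block" if label == "restricted" else "prompt"
    return "allow"
```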