How encryption protects data at rest, in transit, and in use
Nov 16, 2020
Just like water changes its state from ice to liquid and then to steam, data on your computer never stays the same either. Namely, your data can be at rest, in transit, or in use. Each of these states brings specific cybersecurity challenges that every organization has to meet. So, where should you start? How do you protect your data, and what’s the role of encryption in this process?
What is data at rest?
Data at rest is data that is not being accessed or used; it is simply stored on your computer, external hard drive, cloud storage, server, database, or smartphone.
Let’s say you possess 3GB of customer records you keep in the cloud: names, addresses, order details, emails, and credit card numbers. You’re not working with this data all the time and access it only when a customer comes back with a new order. When this data peacefully resides in your cloud, it is considered to be at rest.
Here are the challenges data at rest faces:
- compliance with international regulations, such as GDPR, PCI DSS, or HIPAA;
- data can be accessed from endpoint devices that are outside the company’s network;
- when storing data in the cloud, you depend on the security level of the service provider.
Unfortunately, many companies leave their data unprotected. They don't have a dedicated person to take care of its security and ensure nobody can access it.
In 2006, Idaho Power Co. gave away 230 hard drives with their customers’ data for recycling. However, instead of wiping out the sensitive information, a third-party vendor sold some of the hard drives on eBay. The company managed to get their drives back, but this just proves how risky it is to trust outsiders.
What is data in transit?
When you send a financial report to your co-worker via Slack or email, this data is considered to be in transit (also called “data in motion”). It travels by Wi-Fi, fiber connection, or cellular networks.
If you often find yourself working from airports, cafes, and other public places, you might be exposing yourself to even greater risks. Public Wi-Fi is not safe unless you take security precautions. Hackers can conduct a man-in-the-middle attack and trick you into believing that you’re communicating with a genuine website or server. In reality, all your traffic would be exposed, enabling hackers to steal your sensitive data, credit card details, and passwords.
Imagine that your company’s accountant gets hacked. Just like that, perpetrators can take over the financial information of all your employees, clients, and partners. This could damage your reputation and lead to revenue losses and huge fines. The risk is higher in companies where employees use their personal devices for work.
What is data in use?
As the name suggests, data in use is neither sitting in storage nor traveling from one device to another; it is being viewed, edited, or deleted. Data is in use whenever you work with it in software such as:
- smartphone apps (Slack, Upwork, MailChimp);
- cloud apps (Google Drive, Dropbox, Salesforce, GitHub);
- MS Office software (Word, Excel, etc.);
- graphic and 3D modeling programs (Adobe Photoshop, Archicad, CorelDRAW).
Many apps have both desktop and mobile versions that are synced together. While this gives users flexibility, it also increases the risk of losing data. Hackers can attack your phone and access your Google Drive, which you probably share with hundreds of co-workers.
Millions of phishing emails are sent every day to trick people into downloading malware. This way, an attacker can infect your system, monitor everything you do in real time, and steal your files.
Why is encryption necessary for data at rest, in motion, and in use?
Encryption turns your data into ciphertext and protects it both at rest and in motion. Even if hackers intercept your data, they won’t be able to read it without the decryption key. It’s a bulletproof method to enhance your company’s security and protect valuable files.
NordLocker is an easy-to-use encryption app that allows users to encrypt any type of data and store it on the computer or in the cloud. All you have to do is drag and drop files into a so-called locker, and the app will encrypt them for you.
When you trust a cloud service provider with your files, you also entrust them with your company’s security. With NordLocker, you encrypt files yourself — there’s nobody in between. Best of all, NordLocker has a zero-knowledge policy and doesn’t care what files you keep in your locker.
You can also share the encrypted locker with your co-workers, making sure that the files are protected while in transit.
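The idea of encrypting files yourself before they reach a cloud provider, sketched as an added example (this is not NordLocker's code or a description of how it works). It assumes Node.js with its built-in crypto module, AES-256-GCM with an scrypt-derived key, and hypothetical function names; the customer record is constructed sample data.

```javascript
// Added example, not NordLocker's code: encrypt locally, upload only ciphertext.
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('node:crypto');

// Derive a 256-bit key from a passphrase; the random salt is stored with the blob.
function deriveKey(passphrase, salt) {
  return scryptSync(passphrase, salt, 32);
}

// Blob layout: salt(16) || nonce(12) || tag(16) || ciphertext. Only this leaves the device.
function encryptForUpload(plaintext, passphrase) {
  const salt = randomBytes(16);
  const nonce = randomBytes(12); // must be unique for every encryption under one key
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ciphertext]);
}

// Throws if the passphrase is wrong or the blob was modified at rest or in transit.
function decryptAfterDownload(blob, passphrase) {
  if (blob.length < 44) throw new Error('blob too short');
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// True when decryption is refused (authentication tag does not verify).
function rejects(blob, passphrase) {
  try {
    decryptAfterDownload(blob, passphrase);
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed sample record (the card number is a well-known test value).
const record = Buffer.from('name=Jane Doe;card=4111111111111111', 'utf8');
const stored = encryptForUpload(record, 'correct horse battery staple');
const tampered = Buffer.from(stored);
tampered[tampered.length - 1] ^= 0x01; // one bit flipped while stored or in transit

console.log('provider sees:', stored.toString('hex').slice(0, 48) + '...');
console.log('owner reads  :', decryptAfterDownload(stored, 'correct horse battery staple').toString());
console.log('tampered blob rejected:', rejects(tampered, 'correct horse battery staple'));
console.log('wrong passphrase rejected:', rejects(stored, 'not the passphrase'));
```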
Data in use is the most vulnerable, as you need to decrypt data in order to work with it. However, if your organization is using encryption, two-factor authentication, firewalls, antivirus software, and threat detection systems, you can mitigate the risks.
Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.