Encryption is the gold standard when it comes to protecting data, but too often, companies fail to protect their data at all times. Cybercriminals take aim at data whether it is sitting on a drive or flowing among devices. This is increasingly true with the expansion of cloud data.
Data at Rest vs. Data in Transit
“Data at rest” is appropriately labeled. The term refers to data that is not moving among devices or across networks, such as data stored on internal and external drives. Hackers often target data at rest because they find it more valuable than data in transit.
“Data in transit” is, not surprisingly, data that is actively moving, for example, across networks, between devices, or to and from the cloud. This type of data is one of the top targets of significant data breaches reported by the Identity Theft Resource Center, which reports that the use of HTTP and other insecure protocols have contributed to these breaches.
Encryption is a must whether data is at rest or in transit. Today’s cybercriminals are adept at finding (and stealing) data from anywhere.
The Encryption Evolution
The evolution of encryption technology has changed the way security professionals protect data. Over the past several years, security professionals have begun to protect data at rest and data in transit with stronger, more complex encryption methods.
Not so long ago, many companies relied on full-disk encryption to protect sensitive data. The technique is extremely limited in scope, only protecting the data living on a single computer when it is not logged in or turned on. This method did nothing at all for data in transit.
Key rotation is another standard protocol that has given too many companies false confidence in the robustness of their data security. We now know that key rotation in and of itself is effectively useless. By contrast, a keyless encryption method, implemented well, can provide far better protection for data in both rest and transit states.
Other methods include the use of encrypted connections to protect data in transit and encrypting data before it is moved.
Public key encryption offers more protection, especially asymmetric key encryption, which pairs a secret, private key with a public key. The public key typically encrypts data and the private key decrypts it.
Why encrypt data at rest?
Some companies are under the illusion that as long as they utilize security measures like firewalls and strict network access controls, their data at rest is not at risk. This is a false presumption.
As long as a network is connected to the outside world, the data contained there is, in fact, at risk. Encrypting data at risk makes it much harder for a hacker to use stolen data.
Further, when data at rest is stored on a physical drive, such as a laptop, it is at risk of theft. Criminals may be able to break into the device, but if the data contained there is encrypted, odds are they will not be able to utilize it. Data at rest is also at risk from malware installed on a storage device.
Why is data in transit even more vulnerable?
As data moves across networks, between devices, or to and from the cloud, it is at risk of being intercepted by bad actors. This is doubly true when data is unencrypted before being sent into the wild.
Data in transit is often compromised by malware infections that can “sniff” or “eavesdrop” data as it travels across networks.
End-to-end encryption methods can protect both types of data.
Reactive Security Is Not Enough
Security platforms that respond to threats only when they occur are too limited in scope to handle modern SecOps needs. Company and client data is much more secure when it is protected by a proactive platform that can predict threats and identify at-risk data.
The StrongSalt encryption as a service API is a decentralized, keyless management method that provides superior protection for data wherever it lives, whether it is at rest or on the move. Since the data is never decrypted in place, it is not vulnerable to human error.
Best of all, StrongSalt provides superior data protection while empowering companies to use their data at any time. Encrypted data remains searchable in any state, but remains encrypted. The platform itself can’t even see the protected data.
The StrongSalt API is simple enough for any developer to implement, but secure enough to meet the needs of the most complex applications.
Ready to step up your data security game? Get started today.