Protecting Data at Rest

10/11/2020

Security should be a deciding factor when choosing a public cloud provider or an on prem storage device. Whether your data is traveling over the Internet, or simply sitting on a stored device it needs to be protected. Encryption at rest and in transit is the current industry standard that should be strived for to best keep data protected.

Data at Rest

Encryption at rest protects your data from a system compromise or data exfiltration by encrypting data while it is stored. The Advanced Encryption Standard AES is often used to encrypt data at rest.

AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard DES, which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

Symmetric-Key Encryption

While Encryption at rest is a great start it needs to be coupled with encryption during transit. Encryption in transit defends your data, after a connection is established and authenticated, against potential attackers by removing the need to trust the lower layers of the network which are commonly provided by third parties.

In all cases of protecting data the security professional should try to reducing the total attack surface or minimize the number of ways data can be accessed. Minimizing the surface for attack will help prevent attackers from accessing data, and help track the result of and venue of a breach.

With adequate authentication, integrity, and encryption, data stays stored on a device or travels between users, devices, or processes can be protected in a hostile environment.