What is Data in Transit, Data at Rest, and Data in Use?
- By David Lukic
- Published: Jan 29, 2021
- Last Updated: Mar 18, 2022
We have all heard the word data and understand that it applies to many different types of digital information. There are three states of data: data in transit, data in use, and data at rest. Let’s explore each one to understand what they mean and how they apply to you.
What is Data at Rest?
Data at rest is what it sounds like: data stored on your computer, laptop, hard drive, flash drive, or some other device that is not currently being used in any way. Security experts often find that data at rest is more vulnerable than data in transit. Thieves often target data at rest because it is easier to acquire and copy while not being used or observed. Cybersecurity experts agree that tokenization, encryption, and federation are the best options for data at rest security.
What is Data in Transit?
Data in transit is information that is moving from one location to another. It may be traveling through unsecured space such as the internet or through a private network (LAN), which is secured. Data that is on the move is far less secure but, at times, more challenging to access. In order to secure authentication data while in transit over a network, let’s first go through the examples of data in transit.
Examples of Data in Transit
There are hundreds of examples of data in transit that could be used to illustrate the process. Below are a few common ones to cement the idea.
- Public Networks: When using your cell phone to connect to your bank’s website over HTTPS, you are using an open, unsecured network (the internet) to move or process data between your device and the bank’s server.
- Private Networks: A private network is any LAN or secured network that is not accessible by the outside world. Your work or office network is a good example. When you copy files from a server on the network to your local computer, this is an example of data in transit. How well the LAN has been secured and whether or not the data is encrypted determine its level of safety.
- Local Devices: When you transfer information from your cell phone to your computer via a cable or computer-to-computer, you are initiating a data in transit process from one device to another. Such exchanges are typically more secure than other forms of data in transit. However, they are not failsafe, and data can be intercepted through malware or device corruption.
Data security experts recommend using encryption as the best defense against attacks on data in transit. Some of the secure connection types they advise using are HTTPS, SSL, TLS, FTPS, etc.
What is Data in Use?
When you open an Excel file or work with a document or piece of information on your computer or mobile device, the data is in use. It is currently stored in short-term memory (RAM) or a cache that has not yet been saved. Because this data may contain encryption keys, personally identifiable information, digital certificates, etc., it is incredibly vulnerable to attacks and breaches. It is critical to protect data in use even more so than data at rest or data in transit. Both data at rest and data in transit may be encrypted and even cut off from public networks, but data in use is exposed and wide open for extraction. Security experts advise using “full memory encryption” to secure any and all files that are accessed from a device. Some other methods of securing data in use are cryptographic protocols, enclaves, and CPU-based storage.
How to Secure Your Data
No matter where your data currently stands, here are some ways you can keep it safe.
- Make sure your network is secured properly to protect data in transit. Use robust firewalls, administration tools, and anti-hacking devices to guard against intrusions, malware, and spyware infections.
- Implement automatic encryption for cloud solutions, email clients, and file sharing solutions to protect against attacks during data in transit. If you use outside vendors for backups, storage, or other services, carefully evaluate them and their security policies and protocols before entrusting your precious data to them.
- Update your corporate policies to include systems and processes that have data security measures built in. Use specific tools and software for monitoring and measurement of the efficiency of data-in-transit protection.
- Assign data in transit protection to a task team and have them catalog at-risk data and vulnerable points of entry, and craft a disaster plan for dealing with any breaches.
- Have a proactive approach towards data in transit security. Implement ongoing monitoring and assessment of the solutions in place and update as necessary.