What is data at rest?

“Data at rest” refers to data that is currently stored, usually on the hard disk of a computer or server. This term is used to distinguish it from “data in transit,” also known as “data in motion,” which describes the state of data as it moves from one location to another. Additionally, it is distinct from “data in use,” which refers to data that is loaded into memory and actively utilized by a software program.

Imagine Bob intends to share a picture of a cheeseburger with Alice. Bob captured the image using his smartphone and has kept it stored on the device all this time. Therefore, the cheeseburger photo is currently considered as “data at rest.” Later, Bob opens the photo on his phone, making it accessible in his phone’s memory. This transition of the photo into memory classifies it as “data in use,” specifically within his phone’s photo viewer and email applications.

When Bob chooses to send the photo, he attaches it to an email. Subsequently, the photo, now considered “data in transit,” travels over the Internet to Alice’s email service.

What dangers does data at rest face?

Every state of data—whether it is at rest, in transit, or in use—faces the potential danger of being discovered or exposed by malicious entities. However, the risks associated with each state differ. For example, data in transit can be intercepted by unauthorized individuals, whereas data at rest, being stationary, does not face the same vulnerability.

Data at rest remains an appealing target for attackers who may have various motives, such as encrypting the data to demand a ransom, stealing it outright, or corrupting and wiping it altogether.

Regardless of the method employed, the ultimate objective is to gain access to the data at rest and carry out malicious activities, often driven by financial gain:

• Ransomware represents a form of malicious software that, once infiltrating a system, encrypts the data at rest, rendering it unusable. The attackers behind ransomware demand a fee for decrypting the data once the victim complies and pays.

• A data breach can occur if data at rest is moved or leaked into an unsecured environment. Such breaches can be intentional, involving external attackers or malicious insiders purposefully accessing, copying, or leaking the data. Alternatively, they can be accidental, arising from situations where a server is inadvertently exposed to the public Internet, thereby leaking the stored data.

• Unauthorized or excessive access to data at rest also places it at risk. Attackers may resort to falsifying or stealing credentials to gain access to such data.

• Physical theft can also impact data at rest if someone steals a laptop, tablet, smartphone, or any other device where the data at rest resides.

What is data at rest encryption?

Encryption involves the process of scrambling data to a degree that it becomes readable only with a specific key. This key is essentially a sequence of random values, such as “FFBD29F83C2DA1427BD”. Hard disk encryption pertains to the technology employed to encrypt data when it is at rest.

Data at rest encryption can be likened to securing important documents within a safe. Access to the stored papers is limited to individuals possessing the key. Similarly, only parties possessing the encryption key can access data at rest.

By encrypting data at rest, it is shielded from adverse occurrences like data breaches, unauthorized access, and physical theft. The data becomes futile without the key.

(It is worth noting that encryption is also crucial for safeguarding data during transit. The primary technology employed for encrypting data in transit is Transport Layer Security/TLS. For further information on TLS, you can learn more here.)

How does identity and access management (IAM) protect data at rest?

Securing data involves a critical aspect of controlling its accessibility. The more individuals who possess access to data, the higher the risk of a breach. In the absence of robust access controls, unauthorized parties may have the ability to manipulate, duplicate, pilfer, or obliterate data that is currently inactive. In reality, numerous ransomware attacks employ lateral movement tactics to obtain the necessary credentials for accessing and modifying data that is at rest.

Identity and access management (IAM) encompasses the practices employed to manage user identities and their authorized actions. IAM plays a pivotal role in safeguarding inactive data by verifying the authenticity of users and assessing their permissions to view and modify data in its dormant state.

Why is protecting data at rest important in cloud computing?

In the era predating the Internet and cloud computing, users and organizations typically stored data at rest on their own computers or on servers located within their premises. However, with the widespread adoption of cloud services, data at rest is now frequently stored on remote servers maintained by external vendors. Given the lack of direct control over the data, organizations utilizing cloud infrastructure must assess the cloud storage security measures implemented by their providers and ensure the correct configuration of their cloud deployments.

To streamline the identification of security misconfigurations that may jeopardize data at rest, organizations can leverage Cloud security posture management (CSPM) tools, which automate the detection process.