Data at rest refers to all data that is stored passively in databases, file servers, endpoints, removable storage devices and offline backups. Because data at rest is inactive, administrators often consider it less of a target than other data classifications, so it is frequently secured with inadequate controls. However, sensitive data at rest, such as PII, ePHI and credit card information stored in unsecured locations, is a major source of cybersecurity weakness and a magnet for malicious entities looking to steal data.
Data at rest is one of the three classifications of data states; the other two are data in motion and data in use. Data in use is data that is currently being accessed, modified or processed by an organization and its stakeholders. Data in motion is data that leaves the perimeter of the company to be used by external stakeholders or is taken out by employees working remotely. These three data-state classifications are useful in planning and implementing data leak prevention (DLP) policies.
Each data state warrants a different approach to security and control. The points of difference can be viewed from data use, transmission, vulnerability to attacks, and security controls.
| Point of difference | Data at rest | Data in motion |
| --- | --- | --- |
| Usage | Static data that is not currently accessed, modified or processed by users | Data that is being shared |
| Transmission | Only on demand or never | Continuously or frequently shared |
| Vulnerability to attacks | High for cloud storage backups; low for offline backups | Always high: unencrypted data passing through the internet, unsecured removable storage devices used to carry data |
| Effective security control | Offline backups with strong physical safety controls | Encryption of data passing through the internet; restricting USB devices and file copy activity to control data transfers, using a data leak prevention solution |
The various threats that data at rest can be exposed to include:
Data at rest should be protected from two perspectives: protection against insider activity and protection from external entities. Unintentional mistakes by careless employees or calculated data theft attempts by insiders can damage the company massively if a data breach occurs. Controls that authorize use only for appropriate users help limit these risks. For data stored passively on endpoints, a DLP solution can help track and block exfiltration of data. Stringent management of user permissions is essential to reduce insider incidents.
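A DLP solution's first job on data at rest is discovery: finding where sensitive values such as card numbers and identifiers sit unprotected in stored files and backups. The following Go program is an added example written for this page, not code from the original article or from any DLP product. It scans the text of a stored object for candidate primary account numbers (filtered with the Luhn checksum so that random digit runs such as order numbers are not reported) and US-style SSN layouts, and reports masked findings with their location and line number. The sample content, the location label `backup/customers.csv`, and the `Finding` type are all constructed for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding records one candidate sensitive value located in a stored object.
type Finding struct {
	Location string // constructed label for the stored object (path, backup name)
	Kind     string // "PAN" (card number) or "SSN"
	Line     int    // 1-based line number within the object
	Masked   string // value with all but the last four digits masked
}

// panPattern matches 13 to 19 digits, optionally separated by spaces or dashes.
var panPattern = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// ssnPattern matches the US SSN layout NNN-NN-NNNN (a format check only).
var ssnPattern = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)

// luhnValid reports whether a digit string passes the Luhn checksum, which
// filters most non-card digit runs out of the PAN hits.
func luhnValid(digits string) bool {
	sum := 0
	double := false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

func stripSeparators(s string) string {
	return strings.NewReplacer(" ", "", "-", "").Replace(s)
}

// mask keeps only the last four digits so a report never re-exposes the value.
func mask(digits string) string {
	if len(digits) <= 4 {
		return digits
	}
	return strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
}

// ScanContent inspects the text of one stored object and returns its findings.
func ScanContent(location, content string) []Finding {
	var findings []Finding
	for n, line := range strings.Split(content, "\n") {
		for _, m := range panPattern.FindAllString(line, -1) {
			digits := stripSeparators(m)
			if luhnValid(digits) {
				findings = append(findings, Finding{location, "PAN", n + 1, mask(digits)})
			}
		}
		for _, m := range ssnPattern.FindAllString(line, -1) {
			findings = append(findings, Finding{location, "SSN", n + 1, mask(stripSeparators(m))})
		}
	}
	return findings
}

func main() {
	// Constructed sample: one Luhn-valid test card number, one random digit
	// run that is not a card number, and one SSN-shaped value.
	sample := "customer,card\nalice,4111 1111 1111 1111\nbob,1234567890123\nssn 123-45-6789\n"
	for _, f := range ScanContent("backup/customers.csv", sample) {
		fmt.Printf("%s:%d %s %s\n", f.Location, f.Line, f.Kind, f.Masked)
	}
}
```

In practice the scanner would walk file shares, endpoint directories and backup archives and feed findings into the DLP policy engine; the masking keeps the report itself from becoming another copy of the sensitive data.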
It is difficult to ensure that every security hole is plugged and every risk eliminated. However, organizations can safeguard against attackers by employing encryption as one of the security layers that shields enterprise data at rest. As a final safeguard, secure offline backups are a must to lessen the impact of data theft or destruction.
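Encrypting stored data means that a stolen disk image, backup tape or cloud object yields nothing without the key, and authenticated encryption additionally detects tampering with the stored bytes. The Go program below is an added example for this page, not code from the original article or from any product. It seals a backup object with AES-256-GCM, prefixes the random nonce to the ciphertext, and binds the object name as associated data so that a ciphertext copied under a different object name fails to decrypt. The fixed key in `main` is a constructed demonstration value; a real deployment would obtain the key from a key management service or hardware security module rather than embedding it.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Seal encrypts plaintext for storage with AES-256-GCM. The object name is
// bound as associated data so the ciphertext is tied to where it is stored.
// Stored layout: nonce || ciphertext || tag.
func Seal(key []byte, objectName string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce slice, giving nonce||ct||tag.
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// Open decrypts a stored object and verifies its tag and bound object name.
// Any modification of the stored bytes, or a mismatched name, returns an error.
func Open(key []byte, objectName string, stored []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored object too short to contain nonce and tag")
	}
	nonce, ct := stored[:gcm.NonceSize()], stored[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(objectName))
}

func main() {
	// Constructed demonstration key; never embed a real key like this.
	key := bytes.Repeat([]byte{0x42}, 32)
	record := []byte("alice,4111 1111 1111 1111") // constructed sample record

	stored, err := Seal(key, "backups/2024-01-customers.csv", record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes (%d plaintext + nonce + tag)\n", len(stored), len(record))

	// Tampering with one stored byte is detected on decryption.
	tampered := append([]byte(nil), stored...)
	tampered[len(tampered)-1] ^= 0x01
	if _, err := Open(key, "backups/2024-01-customers.csv", tampered); err != nil {
		fmt.Println("tampered object rejected:", err)
	}
}
```

The nonce is never reused with the same key because it is drawn fresh from `crypto/rand` for every object; for very large numbers of objects under one key, per-object derived keys or a nonce-misuse-resistant mode would be the next step.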