Data in transit
Key takeaways
- Data in motion, also known as data in transit, is data that is being transmitted from one location to another, either within the network or across external networks.
- Data at rest is data that is stored in a particular location, and not actively being used.
- Data in use is data that is actively being accessed or processed.
- Data in motion is vulnerable to interception, insider misuse, excessive access, and uncontrolled third-party sharing, making strong encryption and access controls essential.
- Encryption is fundamental to protecting data in transit: protocols such as TLS, HTTPS, SFTP, and IPsec prevent interception and tampering, but only when they are configured correctly (current protocol versions, certificate validation, and strong cipher suites).
- To secure data as it moves across the organization, apply strict controls at critical exit points by monitoring file activity on endpoints, enforcing email data loss prevention (DLP) policies, limiting the use of USB and removable media to approved devices, and controlling uploads to cloud and SaaS platforms to prevent unauthorized data exfiltration.
What is data in motion?
Data in transit, or data in motion, refers to data that is transmitted within a network or across the internet. A few examples include files being shared with coworkers, emails sent with attachments, data uploaded to cloud applications, messages exchanged through collaboration tools, and information shared with third-party vendors or partners. Data in transit is widely regarded as the most exposed state of data, because it crosses networks, devices, and services the organization does not fully control, where it is subject to eavesdropping, interception, and data theft.
The three states of data
Data can be classified into three categories depending on its state: data at rest, data in use, and data in transit. Data at rest comprises all files and information that are stored or archived. Data in use comprises all data currently being accessed or processed by employees, vendors, and other stakeholders. Of the three states, data in transit is the most vulnerable to data theft.
Data in transit vs. data at rest vs. data in use
The main differences between these three states of data can be explored through the nature of data, its vulnerability to attacks, applicable security controls, and the consequences of data loss.
| Point of difference | Data in transit | Data at rest | Data in use |
|---|---|---|---|
| Location | Moving across networks, the internet, or internal systems between endpoints. | Stored in databases, file systems, offline backups, or cloud storage. | Residing in RAM, CPU registers, or application memory during active processing. |
| Exposure surface | Network channels, communication protocols, and file transfer mechanisms. | Storage devices, cloud repositories, and backup systems. | Endpoints, application environments, and active user sessions. |
| Primary risks | Eavesdropping, manipulator-in-the-middle attacks, ransomware, and data interception. | Unauthorized physical access, cloud breaches, and insider theft. | Memory-scraping attacks, insider threats, and privilege escalation exploits. |
| Common security controls | Data encryption, securing file transfer channels, and monitoring user activity using a data leak prevention solution. | Multiple secure offline and cloud backups, access controls, and physical security measures. | Role-based access controls (RBAC), data masking, endpoint security, and user activity monitoring. |
| Encryption methods | TLS (all SSL versions and TLS 1.0/1.1 are deprecated), HTTPS, SFTP, and IPsec to secure data during transmission. | AES-256 encryption for stored files, database encryption, and encrypted cloud storage. | Homomorphic encryption and trusted execution environments (TEEs) to protect data during processing. |
Threats to data in transit
Data moving across networks and organizational boundaries is continuously exposed to interception, manipulation, and exploitation. Common threats to data in transit include:
- Interception and packet sniffing: Attackers capture raw data packets flowing through a network, exposing credentials, session tokens, and sensitive content in plaintext (particularly on unencrypted or poorly segmented networks).
- Manipulator-in-the-middle attacks: Adversaries secretly position themselves between two communicating parties to intercept, read, and alter data in real time, while the connection appears completely legitimate to both endpoints. Disabled or misconfigured certificate validation is what makes this possible against a TLS connection.
- DNS spoofing: By corrupting DNS cache entries, attackers silently redirect users from legitimate domains to fraudulent ones, capturing credentials and sensitive data without requiring any action from the victim.
- Session hijacking: Attackers capture valid session tokens through network interception or cross-site scripting to fully impersonate an authenticated user, gaining unauthorized access without ever needing their credentials.
- Cryptographic weaknesses and unencrypted protocols: Use of deprecated algorithms, poor key management, and unencrypted protocols such as HTTP and FTP leave data fully exposed in transit. Outdated protocol versions further compound this risk by introducing known, exploitable vulnerabilities.
Addressing these threats requires a robust approach to securing data as it moves, starting with encryption.
Encrypting data in transit
As discussed in the previous section, data in transit faces various threats as it moves between different locations with varying levels of enforced security policies. This makes encryption essential, as it ensures secure transmission and protects sensitive information from interception, tampering, and unauthorized access. A few protocols used to encrypt data in transit include:
- TLS: Encrypts data exchanged between applications, securing web, email, API, and other network communications.
- HTTPS: Uses TLS to encrypt communication between browsers and web servers, protecting online browsing and transactions.
- SFTP: Secures file transfers over a network by encrypting both commands and data using SSH.
- IPsec: Encrypts and authenticates IP packets, commonly used to secure VPN connections between networks and remote users.
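The cryptographic weaknesses listed under threats (deprecated protocol versions, missing certificate validation) and the TLS 1.2-or-higher requirement given later on this page come down to a handful of client settings. The following is an added example, not code from this page or from DataSecurity Plus: it builds a hardened TLS client context in Python's standard `ssl` module beside a deliberately weakened one of the kind found in "just make it work" scripts, and audits both against a small policy of this example's own choosing (TLS 1.2 minimum, certificate and hostname verification on, no sub-128-bit or legacy ciphers). The hostname `files.example.com` in the usage comment is a placeholder.

```python
from __future__ import annotations

import ssl
import warnings

# Policy for the audit below. These thresholds are this example's own
# assumptions, not settings quoted from any product or standard text.
MIN_TLS = ssl.TLSVersion.TLSv1_2
MIN_CIPHER_BITS = 128


def hardened_client_context() -> ssl.SSLContext:
    """Client context that will not complete a handshake it cannot trust."""
    # create_default_context() sets CERT_REQUIRED, check_hostname=True and
    # loads the system CA store; we additionally pin the protocol floor and
    # restrict suites to forward-secret AEAD ciphers.
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_TLS
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!DES")
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """The weak configuration: any certificate accepted, old TLS allowed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # an attacker's certificate now passes
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        try:
            ctx.minimum_version = ssl.TLSVersion.TLSv1   # re-enables TLS 1.0/1.1
        except ValueError:
            pass                        # OpenSSL built without TLS 1.0 support
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return human-readable findings; an empty list means the context passes."""
    findings: list[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    if ctx.minimum_version < MIN_TLS:
        findings.append("TLS versions below 1.2 accepted")
    # get_ciphers() lists the suites the context will actually offer.
    weak = sorted(
        c["name"]
        for c in ctx.get_ciphers()
        if c["strength_bits"] < MIN_CIPHER_BITS
        or "RC4" in c["name"]
        or "DES" in c["name"]
    )
    if weak:
        findings.append("weak cipher suites enabled: " + ", ".join(weak))
    return findings


def is_transit_safe(ctx: ssl.SSLContext) -> bool:
    return not audit_context(ctx)


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("legacy", legacy_client_context())):
        print(f"{label}: {audit_context(ctx) or 'OK'}")
    # To use the hardened context for a real connection (placeholder host):
    #   with socket.create_connection(("files.example.com", 443)) as sock:
    #       with hardened_client_context().wrap_socket(
    #               sock, server_hostname="files.example.com") as tls:
    #           print(tls.version(), tls.cipher())
```

Running the audit against the legacy context reports disabled certificate and hostname verification (and, on builds that still permit it, the lowered protocol floor); the hardened context reports nothing. Note that `server_hostname` must be passed to `wrap_socket`, otherwise `check_hostname` has nothing to compare against and the manipulator-in-the-middle protection is lost.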
While encryption plays a critical role in protecting data in transit, securing it involves more than just applying encryption. In the next section, we’ll explore a few more measures required to protect data in transit effectively.
How to protect data in transit
To secure data as it moves across the organization, implement granular controls at key egress points where sensitive information can exit the environment.
- Control endpoint file activity: Track file actions—including copy and move events—to detect unusual movement of sensitive files. Real-time monitoring enables early detection of abnormal activity and prevents unauthorized transfer to external destinations.
- Enforce DLP for email: Protect sensitive data transmitted through mail servers by scanning outbound messages for financial records, personal data, or intellectual property. Automatically quarantine suspicious attachments, block external delivery, or require managerial approval before sending data to external domains.
- Restrict USB and removable media access: Manage physical data movement by controlling endpoint ports and removable storage usage. Allowlist authorized, corporate-encrypted devices by serial number to ensure that any data copied to external media is logged, traceable, and limited to approved hardware.
- Regulate file uploads across cloud applications: Inspect and govern file uploads to websites, SaaS platforms, and online services. Enforce policies that prevent sensitive data from being uploaded to unauthorized or high-risk destinations, including personal cloud drives and shadow IT platforms. Block, quarantine, or generate alerts for suspicious upload activity.
- Secure data in motion in cloud environments: As data moves across cloud infrastructure, APIs, and third-party integrations, it travels beyond the organization's direct control. Enforce TLS 1.2 or higher across all transmission channels, govern data movement between cloud services, restrict transfers to unauthorized platforms, and maintain continuous visibility into cloud data flows to detect anomalous activity before it escalates.
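The email DLP control above (scan outbound mail for financial or personal data, then quarantine, block, or allow based on where it is going) is easy to describe and easy to get wrong, because a bare digit-pattern match floods reviewers with false positives. The following is an added example written for this page, not DataSecurity Plus code and not its policy engine: it finds card numbers in an outbound message and keeps only those that pass the Luhn check, flags SSN-formatted identifiers, and decides the action from whether any recipient is outside the organization's own domains. The domain `example.com`, the recipients, and the message bodies are constructed sample data.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumption: the organisation's own mail domains. Anything else is external.
INTERNAL_DOMAINS = {"example.com"}

# 13-19 digits optionally separated by spaces or dashes; Luhn filters the rest.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Mod-10 check used by payment card numbers; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Digit strings that look like card numbers and pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(digits: str) -> str:
    """Never write the full number to a log or alert."""
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass
class Verdict:
    action: str                       # "allow" | "quarantine" | "block"
    reasons: list[str] = field(default_factory=list)


def evaluate_outbound(recipients: list[str], subject: str, body: str) -> Verdict:
    text = f"{subject}\n{body}"
    reasons: list[str] = []
    cards = find_card_numbers(text)
    if cards:
        reasons.append("card numbers: " + ", ".join(mask(c) for c in cards))
    if SSN_RE.search(text):
        reasons.append("SSN-formatted identifier present")

    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    if not reasons:
        return Verdict("allow")
    if not external:
        return Verdict("allow", reasons)          # internal only: log, deliver
    if cards:
        # Cardholder data to an external domain is blocked outright.
        return Verdict("block", reasons + ["external: " + ", ".join(external)])
    # Other personal data goes to a quarantine queue for approval before release.
    return Verdict("quarantine", reasons + ["external: " + ", ".join(external)])


# Constructed sample messages for the demonstration.
SAMPLES = {
    "internal_card": (["finance@example.com"], "refund",
                      "Refund to card 4111 1111 1111 1111 approved."),
    "external_card": (["someone@gmail.com"], "fwd: refund",
                      "Refund to card 4111-1111-1111-1111 approved."),
    "order_id_not_card": (["vendor@partner.net"], "order",
                          "Order ref 1234 5678 9012 3456 shipped."),
    "external_ssn": (["vendor@partner.net"], "onboarding",
                     "New hire SSN 123-45-6789, start Monday."),
}


def run_samples() -> dict[str, str]:
    return {name: evaluate_outbound(*msg).action for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        v = evaluate_outbound(*msg)
        print(f"{name:20} {v.action:10} {v.reasons}")
```

The order-reference sample is the point of the Luhn step: it is a 16-digit run that a naive regex would block, but it fails the checksum and is delivered. Real deployments add attachment parsing and a larger pattern library, but the decision structure (classify content, then decide on destination) stays the same.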
Data leak prevention with ManageEngine DataSecurity Plus
Secure data with prompt, actionable insights from granular reports, using our endpoint security software. Gain complete visibility into file, web, email, and removable storage media activity, and respond swiftly to unauthorized user activity detected across your endpoints.
With DataSecurity Plus you can:
- Track changes to files containing sensitive data to look into possible data manipulation or theft.
- Protect crucial files against data theft by preventing copy actions with the copy protection capability.
- Stop malicious data transfers through removable media storage and manage the use of USB devices stringently.
- Scan outbound emails for potential data leaks and track probable web browser downloads to respond to harmful user actions.
- Scan web traffic to block access to risky websites and applications.
- Monitor file uploads to cloud applications like OneDrive and Dropbox.
Check out all these features and more in a free, fully functional, 30-day trial.
Frequently Asked Questions (FAQ)
What are a few examples of data in transit?
Data in transit is any information that is actively being transferred from one place to another. Examples include:
- Emails and attachments in transit
- Data flowing between servers over a network
- API calls between microservices
- Remote employee VPN sessions
- Information submitted through online forms
- Files being copied to a USB drive
If the data is moving between devices, systems, or users, it is considered data in transit.
What compliance requirements apply to data in transit?
Many regulatory frameworks explicitly require organizations to protect data while it is being transmitted. Key standards include:
- GDPR: Mandates appropriate technical measures, including encryption, to protect personal data during transfer across systems and borders.
- HIPAA: Requires covered entities to implement transmission security controls that guard protected health information (PHI) against unauthorized interception.
- PCI DSS: Requires encryption of cardholder data that is transmitted across open, public networks to prevent interception and fraud.
How is data in transit different from data at rest and data in use?
- Data in transit: Information actively moving between systems, devices, or networks; for example, when a user submits a form over HTTPS or when servers communicate through APIs. This data is vulnerable to interception or manipulator-in-the-middle attacks while traveling across networks.
- Data in use: Information that is actively being processed, accessed, or modified in memory (RAM) by an application or system. This includes data being analyzed, queried, or temporarily stored during computation. This data is vulnerable to memory scraping, malware, or unauthorized process access.
- Data at rest: Information stored on a device, server, database, or storage medium that is not actively moving or being processed. This includes archived files, database records, and backups. This data is most vulnerable to unauthorized access, theft of storage media, and insufficient access controls.
What are a few challenges in securing data in transit?
Securing data in transit presents several challenges, including inconsistent enforcement of strong encryption standards, misconfigured or expired certificates, reliance on third-party and cloud services that reduce visibility and control, legacy systems that do not support modern security protocols, and the difficulty of monitoring encrypted traffic for threats without impacting performance or privacy.
Can generative AI systems expose sensitive data in transit?
Yes. When users interact with generative AI platforms, data submitted as prompts—including sensitive business information, personal data, or intellectual property—is transmitted to external servers for processing. This creates several risks:
- Interception: Data sent to AI platforms travels across public networks and is vulnerable to interception if not properly encrypted.
- Third-party exposure: Prompts and responses may be processed, stored, or used for model training by the AI provider, depending on their data handling policies.
- Shadow AI: Employees using unsanctioned AI tools bypass organizational controls entirely, creating unmonitored data egress paths with no visibility or governance.
Organizations should enforce policies governing which AI platforms employees can use, ensure all AI-related data transmission occurs over encrypted channels, and review provider data handling agreements before deployment.
Why is data in transit more vulnerable to cyberattacks?
Unlike data at rest—which sits behind access controls and physical security—data in transit is continuously exposed as it moves across networks and infrastructure that organizations do not fully own or control. Key factors include:
- Exposure across untrusted networks: Data traveling over the internet, public Wi-Fi, or third-party infrastructure passes through environments where attackers can intercept or manipulate traffic.
- Multiple transfer points: Every hop between servers, devices, and networks is a potential interception point, widening the attack surface with each transfer.
- Dependence on encryption: Data in transit relies entirely on the strength of underlying protocols. Misconfigured or absent encryption leaves it fully exposed.
