Data in use
What is data in use?
Data in use includes all data that is accessed, processed, and modified regularly. Some examples of data in use include files shared between employees, weekly logs, and daily manufacturing data. This state of data is exposed to security risks at all times, due to the numerous threat vectors present when it is accessed or shared. The threat to this data state is not just from hackers or external entities, but also insiders with malicious or financial motives and employees who don't adhere to data security policies.
The three states of data
Data in use is one of the three types of data states, the other two being data at rest and data in transit. It is important to understand the flow of data in use, where and to whom it is exposed to apply the right security controls. Data at rest is data that lies dormant within organizations' repositories and data in transit is data that is being shared or transmitted within or outside of the organization.
Data in use vs. data at rest
|Point of difference||Data in use||Data at rest|
|Use||Very actively accessed, or modified by users, leading to an increase in the number of users who have access to the data.||Data stored passively in data stores, often archived or stored away with no current business needs. The access to this data can be restricted by securing offline backups with the highest level of authorization.|
|Transmission||Data in use is shared frequently, multiple times by various users.||Data in rest is seldom shared and is exposed to minimal threats from users or unsecure sharing methods.|
|Vulnerability to attacks||Data in use is highly vulnerable as it is exposed to multiple threat vectors namely, unauthorized users, unsafe sharing methods, and data theft.||High: For data stored in the cloud.
Low: For offline backups with appropriate physical security controls.
|Security controls that may be employed||Security measures for data in use include user authorization and authentication, stringent user permissions management, and securing file sharing methods.||Well-protected offline backups to ensure availability of data in case a data theft occurs.|
Threats to data in use
Some of the threats data in use can be exposed to include:
- Insiders who try to exfiltrate data by misusing access privileges
- Malware infiltration leading to data theft or to data held ransom by hackers
- Loss of data due to inadvertent loss of portable storage devices
- Loss of data caused by corrupt programs or device failure
How to secure data in use
You can protect data in use by safeguarding it where it is used the most, usually within the organization. Approach data security from 360-degree perspective to address as many security backdoors as possible.
- Implement sound user authentication and authorization controls. Enforce multi-factor authentication to minimize the chances of user credentials being stolen by hackers.
- Periodically review and resolve user permissions for permission inheritance issues, such as excess privileges to user roles that don't require them. Tools like a security permission analyzer can help identify effective user permissions.
- Be notified of crucial file events for files classified as restricted, sensitive, or confidential by a data classification tool.
- Look for sudden spikes in file modifications or deletions that can indicate a ransomware attack. Deploy a file integrity monitoring solution to track real-time file changes.
- Keep your endpoints secure by monitoring outbound emails, USB activity, potential web uploads and more using data leak prevention software.