- Cloud Protection
- Compliance
- Data Leak Prevention
- Bring your own device
- Copy protection
- Data access control
- Data at rest
- Data in transit
- Data in use
- Data leakage
- Data loss prevention
- Data security
- Data security breach
- Data theft
- File security
- Incident response
- Indicators of compromise
- Insider threat
- Ransomware attack
- USB blocker
- BadUSB
- USB drop attack
- Data Risk Assessment
- File Analysis
- File Audit
Data in use
What is data in use?
Data in use includes all data that is accessed, processed, and regularly modified by applications, users, or devices. It is the state where data is most vulnerable to security risks due to the numerous threat vectors present when it is accessed or shared.
Examples of data in use
- Files shared between employees: When multiple users are simultaneously editing a document stored in the cloud, the document data is in use.
- Online banking transactions: Every time a user logs in to their online banking account, checks their balance, or makes a transaction, their financial data is in use.
- Real-time analytics: When real-time data is actively queried, analyzed, and processed to gain insights into customer behavior or market trends, the data being processed is in use.
- Database queries: When a software application queries a database for specific information, the retrieved data is in use while it's being processed by the application
Three states of data
Data in use is one of the three types of data states, the other two being data at rest and data in transit. To apply the right security controls, it is important to understand the flow of data in use along with where and to whom it is exposed. Data at rest is data that is stored in hard drives, servers, or cloud storage and lies dormant within organizations' repositories. Data in transit is data that is actively moving between two endpoints within or outside of the organization.
Data in use vs. data in transit
Each state of data differs in terms of its vulnerability to attacks, threats, and the security controls that can be applied.
| Aspect | Data in use | Data in transit |
|---|---|---|
| State | Actively being processed or manipulated, residing in memory or on devices | Actively moving between source and destination points over the internal network or internet |
| Potential vulnerabilities | Malicious insiders, malware affecting applications, and data leakage from user actions | Unsecure communication protocols and unencrypted data |
| Potential threats | Unauthorized access, malware, memory scrapping, insider threats, and data leakage | Unauthorized interception, man-in-the-middle attacks, and data tampering |
| Security controls | User authorization and authentication, stringent user permissions management, and securing file sharing methods | Secure communication protocols (e.g., HTTPS, VPNs), encryption, and network security controls |
Threats to data in use
Some of the threats to data in use include:
- Unauthorized access: Unauthenticated users can gain access to sensitive data during processing, leading to data breaches and leaks.
- Malware and malicious code: Infected applications or devices can compromise data in use, potentially leading to data corruption or theft.
- Memory scrapping: Sophisticated attackers can exploit vulnerabilities to extract data from an application's memory.
- Insider threats: Employees or collaborators with access to data in use can misuse it intentionally or inadvertently.
- Data leakage: Inadequate controls can result in unintended data exposure, such as through copy-paste operations or screen captures.
Protecting data in use
You can protect data in use by safeguarding it where it is used the most, usually within the organization. Approach data security from a 360-degree perspective to close as many security backdoors as possible:
- Implement sound user authentication and authorization controls, like enforcing multi-factor authentication to minimize the chances of user credentials being stolen by hackers.
- Periodically review and resolve user permissions for permission inheritance issues, such as excess privileges to user roles that don't require them. Tools like a security permission analyzer can help identify effective user permissions.
- Get notified about crucial file events for files classified as restricted, sensitive, or confidential by a data classification tool.
- Look for sudden spikes in file modifications or deletions that can indicate a ransomware attack. Deploy a file integrity monitoring solution to track real-time file changes.
- Keep your endpoints secure by monitoring outbound emails, USB activity, potential web uploads, and more using data leak prevention software.
Data protection with DataSecurity Plus
Implement strong data protection controls to your data in its all three states using ManageEngine DataSecurity Plus. It offers timely reporting and an effective alert-and-respond mechanism through a unified data visibility and security platform. With DataSecurity Plus, you can continually monitor file activity in servers and endpoints and optimize security.
Try all of its features with a free, fully functional, 30-day trial.
Download now