Encryption in the lifecycle of data (in motion, at rest, in use) is vital to the security of your data.
Data doesn’t live and breathe like the humans who use it, but it does have a similar lifecycle. What’s not similar is that data can travel at nearly 60% of the speed of light through fiber optic cables. Even faster over a WiFi signal. It may be quicker than us, but it’s far more fragile.
Data is created (born), stored, used and shared (lives), and finally archived or deleted (dies). It’s valuable and often sensitive. It must be protected with encryption at every step of its lifecycle. Here’s what you need to know about encryption in the lifecycle of data and where your security measures may fall short.
Three main states
1. Data in Motion: The Internet is the main circulation system for most data. Keeping it from being intercepted or read in transit is the concern. The standard of protection here is to encrypt the channel. Is data itself encrypted? No.
2. Data at Rest: Information is stored in your secure data center. There’s no risk of interception because it’s not in motion. So, is there any need for data encryption? Yes.
3. Data in Use: Information has successfully transited from storage to the user. It’s been loaded on a computer and in the memory of the program using it. The data must be unencrypted for the program to manipulate it. Is it safe at that point? No.
Each of these main states in the lifecycle of data carries some level of risk if the data isn’t protected by encryption.
More protection at each point
Data transmission and transportation generally is viewed as posing less of a security risk than when it’s at rest or in use. These last two states pose a higher level of danger. Here are encryption solution suggestions to shore up each state.
Data in motion
Secure Sockets Layer (SSL) or Transport Layer Security (TLS) are strong cryptographic protocols, but they are not enough. The channel is secure and authenticated. The data remains vulnerable. Encrypting the data itself is the missing piece of security for this state. If your data is sensitive, and especially if you must follow compliance regulations, it should be encrypted before it leaves your control.
Data at rest
A single unauthorized access is the only thing standing between your data and its security. That can happen whether it’s information in your data center or on a password-protected computer.
The only way to reduce the dangerously high level of risk at this state is to encrypt the data itself. Sensitive data rests in many places throughout your organization. It may be off-premises and networked or even in the cloud.
New data poses the highest risk. Prioritize your encryption plans for it. Older or archived data may pose less of a security risk. Look for encryption and tokenization solutions. The combination enhances your level of control. That’s important if you must meet compliance standards that require you not only to encrypt data but also to identify and restrict data access.
Data in use
Protection at this state is crucial because data typically must be decrypted for use. It understandably poses the most challenges to encryption. Cloud computing magnifies those challenges.
The cloud application needs to decrypt data to read, manipulate or alter it. Cloud data protection gateways offer a strong security solution. They act as encryption/decryption points before your data travels to the cloud. Sensitive data never leaves your organization in the clear.
Easy to implement, difficult to manage
Many organizations discover that it’s not difficult to put encryption solutions in place at each main stage of the data lifecycle. The problem is that sensitive data takes many forms and is distributed in hundreds or thousands of devices. Managing encryption keys without obstructing access to users becomes an expensive and time-consuming IT nightmare.
The easiest way to reduce the need for data encryption is not to collect it in the first place. Recapture resources and reduce security threats by auditing your organization’s data collection policies. You may discover that one of your best data safeguards has nothing to do with encryption.
