SpartanTec, Inc. Columbia: Data Security: Protecting Data In Motion vs. Data At Rest

Most businesses that collect and process sensitive data require effective data security measures. This includes personally identifiable information (PII), IP, or healthcare data. Companies must ensure that their sensitive data is protected from malicious outsiders as well as careless insiders, regardless of whether they are complying with data protection legislation or standards like GDPR, HIPAA or PCI DSS.

Data can be classified according to its movement into three states:

data at Rest. Not moved from one device to another or between networks. This includes data that is stored on local hard drives and archived in file systems, databases, and storage infrastructure.
data in Use. Data currently being processed, erased or accessed by a system. It is stored within IT infrastructures like RAM, databases, and CPUs. This type of data is active and not passively stored.
data in Motion. Data in transit is data that’s moving between locations, such as computers, virtual machines, cloud storage or endpoints. Data in motion is data at rest once it reaches its destination.

The vulnerabilities of data in motion vs. data at rest

Data is always in motion in today’s digitalized workplaces. Every day, employees transfer data via email, virtual co-working spaces and messaging apps. They can use company-approved collaboration tools. However, they may also use shadow IT, personal services that are used in their work without their employer’s knowledge.

Data is therefore considered less secure when it’s in motion. It is not only vulnerable to being transferred via potentially insecure channels but also escapes the security of company networks and travels to less secure locations. Data is susceptible to Man-in-the-Middle cyberattacks.

Data at rest, as it isn’t transferred over the internet is less susceptible than data in motion. It remains within the security perimeter of company networks. Cybercriminals find data at rest more appealing than data in motion because it offers a greater payday than smaller packets of data in transit. Malicious insiders often target data at rest to steal or damage a company’s reputation before moving on to another job.

Data at rest cannot be transferred via the internet. However, this doesn’t mean that it can’t travel. Data at rest became particularly vulnerable during the COVID-19 epidemic, when more work computers were moved from offices to the less secure home environment.

Employee negligence can lead to data loss in both motion and at rest. Data can be lost or stolen from either local storage or transferred via the internet.

How to Protect Data in Motion and Data at Rest

Data in motion and data at rest have their own IT security challenges. Data in motion is inevitable, but many companies have attempted to minimize the accumulation of data at the rest of their data by implementing Virtual Desktop Infrastructures and Desktop-as-a-Service platforms to limit local storage of sensitive company information. These solutions have their own data security issues.

To protect data at rest against outsider attacks, basic cybersecurity measures like firewalls and antivirus software are essential. Data Loss Prevention (DLP), a popular tool to protect data from outsider attacks, is a popular option. DLP software controls and monitors the storage and transfer of sensitive data by using policies.

Endpoint Protector, a DLP tool, can use contextual scanning and content inspection to look for sensitive data in hundreds file types in real time. This is regardless of whether the data is stored locally or in transit. Based on search results, you can set up controls to restrict or block transfers or delete or encrypt data at work when it is found in unapproved locations.

Another common way to protect data is encryption. Companies can protect their data by encrypting hard drives with operating system’s native data encryption solutions. This ensures that no one can gain access to the data on the drive if it falls into the wrong hands.

DLP solutions may also allow you to encrypt files that are transferred to USB flash drives. This ensures that no one can see or alter the data stored on a USB flash drive in case it is lost or stolen. Data in motion can be protected by encryption of data before transport, or encrypted tunnels like Virtual Private Networks (VPNs), which help to protect sensitive data transfers.

Final words

There are many software options that can protect data in motion as well as data at rest. Data protection at rest and in motion can be achieved by using encryption, DLP solutions and antivirus software.