banner

What is Data at Rest?

What is Data at Rest?

When data collects in one place, it is called data at rest. For a hacker, this data at rest — data in databases, file systems, big data lakes, the cloud, and storage infrastructure in general — is probably much more attractive than the individual data packets crossing the network. Data at rest in these environments tends to have a logical structure, meaningful file names, or other clues which betray that this location is where the “money” is — that is, credit cards, intellectual property, personal information, healthcare information, financial information, and so on.

Of course, even data “at rest” actually moves around. For a host of operational reasons, data is replicated and manipulated in virtualized storage environments and frequently “rests” on portable media. Backup tapes are transferred to off-site storage facilities and laptops are taken home or on business trips all of which increases risk.

Breaches of sensitive data at rest often result in mandated public disclosure of the breach, reductions in sales and share price, and serious damage to the organization’s reputation.

Government regulations and industry associations generally mandate protecting personally identifiable information (PII); protected health information (PHI); and financial information, including credit card and financial account numbers; through pseudonymization techniques, such as encryption or tokenization, and tight control of access to the data through user access management. These techniques are also appropriate for protecting data the organization does not wish to share for its own reasons, such as intellectual property (IP).

In most regulations, if an organization’s data is breached, but it is encrypted and the encryption keys have not been stolen with the data, then the organization does not have to report the breach, because the data is indecipherable and useless to whomever stole it, and no harm is deemed to have come to the person identified with the data.

Related Articles

Secure your digital assets, comply with regulatory and industry standards, and protect your organization’s reputation. Learn how Thales can help at the following links: