How to Protect Your Data at Rest?
Data security has become a requirement every company needs to consider to avoid being harmed by cybercriminals or risk the public release of its sensitive information through leaks or thefts.
With recent surges in hacker attacks and leaks, it seems that sensitive data has never been more vulnerable. And with every aspect of businesses becoming digitized, we are increasingly relying on third party solutions, whether antivirus, Data Loss Prevention, encryption and other solutions to keep our data safe.
Types of Sensitive Data
Sensitive data comes in different shapes depending on the sector a business is part of. It can take the form of credit card numbers, medical records or social security numbers, but regardless of its actual content we can distinguish three different states it can be found in: data at rest, data in use and data in motion. These three types of data present different levels of vulnerability and different challenges when it comes to their protection.
- Data at rest is static data stored on hard drives that is archived or not often accessed or modified.
- Data in use refers to data that is frequently updated by multiple users within a network and is very much active.
- Data in motion on the other hand is data that is being transferred outside the network and subject to third party services whose security cannot be guaranteed. Most Data Loss Prevention solutions address the dangers data in motion faces from breaches and human error during its transit.
There is a common misconception that data at rest is safer than data in motion because it is not exposed to the risks of internet transfers. To see the dangers of such a mindset, we only have to look at WannaCry ransomware attack which in fact targeted data at rest and predominantly affected the business and public sectors. Hackers do not need physical access to a computer to compromise its data. All they need is a vulnerability they can exploit, whether a technical or human one.
Best Ways to Secure Your Data at Rest
Usually, conventional antivirus software and firewalls are used to protect data at rest. However, these do not guarantee safety from phishing attacks for example that can target specific individuals, corrupt one workstation and then proceed to attack the rest of the network.
Negligence is one of the biggest causes of leaks today and one of the significant dangers to data at rest: forgotten USB sticks and laptop bags in airports or cars are common occurrences in today’s dynamic business environment that often requires travel, off-site meetings and presentations. Disgruntled employees looking to leave a company are also known to copy sensitive data in order to carry it over to their next place of employment.
Another commonly used method to protect data at rest is hardware encryption, but while it can safeguard against cases of lost or stolen computers, it does not guarantee its protection against insiders. It is therefore essential that companies look beyond this protection method and explore more complex means to address the security issues surrounding data at rest.
Solutions such as Endpoint Protector, through its eDiscovery module, can scan data at rest stored on employees’ endpoints for sensitive data based on predefined or custom content, file name or particular compliance profiles. Based on the results, it can then encrypt or delete the data to protect from potential breaches. It offers a way to control sensitive information on employees’ computers remotely, removing it when access to it is no longer desirable and acting as an additional layer of security in data management.
It is clear that protecting only one type of data, whether in motion or in use or both and ignoring data at rest can lead to disastrous consequences. It is therefore essential that companies look for all-inclusive solutions that deal with all sensitive data, no matter what state it finds itself in.
Looking to protect data at rest? Check out our Data at Rest Encryption solution.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.