Your request for Endpoint Protector was sent!
One of our representatives will contact you shortly to schedule a demo.
Free, custom demo to suit your needs
One of our representatives will contact you shortly to schedule a live demo. We'll answer questions, address your concerns and tailor the demo to your needs.



* We don't share your personal info with anyone.
Check out our Privacy Policy for more information.
Please use a valid email address!
Thousands of global clients
already use our product
Trusted by companies of all sizes, from all industries. Fortune 500 companies, Universities, Governments, Banks, Media, and more.
Join them
Is your data at rest safe?

Download our FREE whitepaper on data loss prevention best practices. Download Now

How to Protect Your Data at Rest?

Data security has become a requirement every company needs to consider to avoid being harmed by cybercriminals or risk the public release of its sensitive information through leaks or thefts.

With recent surges in hacker attacks and leaks, it seems that sensitive data has never been more vulnerable. And with every aspect of businesses becoming digitized, we are increasingly relying on third party solutions, whether antivirus, Data Loss Prevention, encryption and other solutions to keep our data safe.

Types of Sensitive Data

Sensitive data comes in different shapes depending on the sector a business is part of. It can take the form of credit card numbers, medical records or social security numbers, but regardless of its actual content we can distinguish three different states it can be found in: data at rest, data in use and data in motion. These three types of data present different levels of vulnerability and different challenges when it comes to their protection.

  • Data at rest is static data stored on hard drives that is archived or not often accessed or modified.
  • Data in use refers to data that is frequently updated by multiple users within a network and is very much active.
  • Data in motion on the other hand is data that is being transferred outside the network and subject to third party services whose security cannot be guaranteed. Most Data Loss Prevention solutions address the dangers data in motion faces from breaches and human error during its transit.

There is a common misconception that data at rest is safer than data in motion because it is not exposed to the risks of internet transfers. To see the dangers of such a mindset, we only have to look at WannaCry ransomware attack which in fact targeted data at rest and predominantly affected the business and public sectors. Hackers do not need physical access to a computer to compromise its data. All they need is a vulnerability they can exploit, whether a technical or human one.

Best Ways to Secure Your Data at Rest

Usually, conventional antivirus software and firewalls are used to protect data at rest. However, these do not guarantee safety from phishing attacks for example that can target specific individuals, corrupt one workstation and then proceed to attack the rest of the network.

Negligence is one of the biggest causes of leaks today and one of the significant dangers to data at rest: forgotten USB sticks and laptop bags in airports or cars are common occurrences in today’s dynamic business environment that often requires travel, off-site meetings and presentations. Disgruntled employees looking to leave a company are also known to copy sensitive data in order to carry it over to their next place of employment.

Another commonly used method to protect data at rest is hardware encryption, but while it can safeguard against cases of lost or stolen computers, it does not guarantee its protection against insiders. It is therefore essential that companies look beyond this protection method and explore more complex means to address the security issues surrounding data at rest.

Solutions such as Endpoint Protector, through its eDiscovery module, can scan data at rest stored on employees’ endpoints for sensitive data based on predefined or custom content, file name or particular compliance profiles. Based on the results, it can then encrypt or delete the data to protect from potential breaches. It offers a way to control sensitive information on employees’ computers remotely, removing it when access to it is no longer desirable and acting as an additional layer of security in data management.

It is clear that protecting only one type of data, whether in motion or in use or both and ignoring data at rest can lead to disastrous consequences. It is therefore essential that companies look for all-inclusive solutions that deal with all sensitive data, no matter what state it finds itself in.

Looking to protect data at rest? Check out our Data at Rest Encryption solution.

Frequently Asked Questions

What is and how to protect data at rest?
Data at rest is static data stored on hard drives that is archived or not often accessed or modified. Usually, conventional antivirus software and firewalls are used to protect data at rest. However, these do not guarantee safety from phishing attacks for example that can target specific individuals, corrupt one workstation and then proceed to attack the rest of the network. Solutions such as Endpoint Protector, through its eDiscovery module, can scan data at rest stored on employees’ endpoints for sensitive data based on predefined or custom content, file name or particular compliance profiles. Based on the results, it can then encrypt or delete the data to protect from potential breaches.

Read more on how to protect data at rest.

What’s the difference between data at rest vs. data in motion?
Data in motion is actively moving from one location to another across the digital channels of the Internet or a private network. Idle data, as you might have guessed, is at rest - it’s not moving from network or device to another in any way. Think of data stored on hard drives and flash drives, or inside of laptops or computers. When it comes to data at rest, protection aims to preserve inactive data stored on devices or networks. This data is less susceptible to interception and is often considered more valuable to attackers than data in motion.

Read more on how to protect data at rest here or data in motion here.

What is encryption on data at rest?
Encryption at rest is designed to prevent the outsiders from accessing the unencrypted data by ensuring the sensitive data is encrypted when on disk. If an attacker obtains a hard drive with encrypted data but not the encryption keys, the attacker must defeat the encryption to read the data. This attack is much more complex and resource consuming than accessing unencrypted data on a hard drive. For this reason, encryption at rest is highly recommended and is a high priority requirement for many organizations. Encryption at rest may also be required by an organization's need for data governance and compliance efforts. Industry and government regulations such as HIPAA, PCI, GDPR and FedRAMP, lay out specific safeguards regarding data protection and encryption requirements. Encryption at rest is a mandatory measure required for compliance with some of those regulations.

Read more about data at rest encryption.

What are the threats for data at rest?
Data at rest is at risk of loss, leakage, or theft. Sensitive data stored on a device or backup medium can be easily attacked if it is invisible or improperly managed. Threats for data at rest include both insider and outsider attacks - such as unauthorized employees storing sensitive data on their computers and attackers which manage to bypass the network defense and try to get a hold of the company’s records.

Learn more about data security threats.

explainer-c_learning

Download our free ebook on
Data Loss Prevention Best Practices

Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.

Leave a Reply

avatar