Data can be compromised both in transit and at rest and must be protected in both states. Encryption plays an essential role in data protection and is a standard tool for protecting data in transit and at rest.
Organizations either encrypt sensitive data before moving it or use encrypted connections to protect the data in transit. To protect data at rest, organizations can encrypt sensitive files before storing them, or encrypt the storage drive itself.
Data at rest encryption takes place while data is in the
Encryption in transit applies while data is active: traveling between devices and networks within the organization, crossing the Internet, or being uploaded to the cloud. During this time the data is more exposed and requires additional security protocols to protect it.
For example, many in-transit encryption services also use Transport Layer Security (TLS) to authenticate senders and recipients before information is decrypted on arrival. This additional layer of security helps protect data while documents or media files are being uploaded or downloaded.
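The authentication step described above is where in-transit encryption most often goes wrong in practice: a TLS client that encrypts the channel but never verifies who is on the other end gives no real protection against an interceptor. The following is an added example (not code from the original page) using only Python's standard `ssl` module. It builds a deliberately weak client context beside a hardened one, a server context that also authenticates clients (mutual TLS), and a small audit function that reports which settings undermine peer authentication. The `client_ca_file` parameter is a hypothetical path; no certificates are loaded when it is omitted.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """TLS context that encrypts the channel but never authenticates the server.

    Any certificate is accepted, so an interceptor can present its own
    certificate and read the traffic. Shown only as the pattern to avoid.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before CERT_NONE is permitted
    ctx.verify_mode = ssl.CERT_NONE   # accept any certificate at all
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Client context that authenticates the server before any data is exchanged."""
    # create_default_context() already sets CERT_REQUIRED, enables hostname
    # checking and loads the system trust store.
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse legacy protocol versions
    return ctx


def mutual_tls_server_context(client_ca_file=None) -> ssl.SSLContext:
    """Server context that also authenticates the client (mutual TLS).

    client_ca_file is a hypothetical path to the CA that issued client
    certificates; when given it becomes the trust anchor for client certs.
    The server's own certificate and key would be added with load_cert_chain().
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # reject clients that present no valid cert
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the list of weaknesses found in a TLS context (empty list means none)."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("peer certificate is not verified (CERT_NONE)")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT and not ctx.check_hostname:
        findings.append("server hostname is not checked against its certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are accepted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak client", weak_client_context()),
                      ("hardened client", hardened_client_context()),
                      ("mutual-TLS server", mutual_tls_server_context())):
        print(f"{name}: {audit_context(ctx) or 'no findings'}")
```

The audit deliberately inspects the context object rather than a live connection, so it can run as a unit test in a build pipeline to catch a `CERT_NONE` or disabled hostname check before the code ships.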
The following table summarizes the difference between data at rest encryption and data in transit encryption.
| Data at rest | Data in transit |
| --- | --- |
| Data is more secure while stored, but is hard to recover. | Data is less secure and needs additional security. |
| Protects data when repairing or disposing of hardware. | Protects data from attackers who intercept the communication. |
| Provides security against in-person attacks but is expensive. | Provides a smaller attack surface but can give third parties too much access. |
| Best practices include storing encryption keys offline and securing physical hardware. | Best practices include securing online networks by adding firewalls, phishing filters and similar controls. |