What is data at rest encryption (DARE)?

Data at rest encryption

Data at rest is data stored on a computer, such as archival or reference files. Compared with data in transit (active data that is moving from one location to another), data at rest does not move across networks and instead stays in place. We refer to the encryption of such data as data at rest encryption (DARE).

The need for DARE

Data at rest is much more attractive to hackers than data in transit. This is because data at rest usually contains sensitive information stored in a database, file, disk, or cloud. Sensitive information may include the following:

  • Financial credentials
  • User identification numbers
  • Healthcare data
  • Contracts
  • Intellectual property

DARE is essential for the organization to:

  • Prevent hackers from using the data, because they can't access encrypted data without the decryption key
  • Limit the effect of a cyber attack
  • Keep sensitive data safe in case of accidental loss or theft
  • Protect users' crucial information, such as financial credentials

How DARE works

We must classify our data and identify the sensitive data that requires encryption. It is not a good idea to encrypt all the stored data, as this can slow down operations and impact application performance.

We use encryption to protect the data's privacy and keep it secure. The encryption process translates plain text to cipher text using a key. Cipher text does not make sense to whoever accesses the data unless they have the key to decipher it back to plain text.

DARE uses symmetric encryption, where the same key is used to encrypt and decrypt data. Only users who have access to the key can access the data.

Working of symmetric encryption

Encryption is only as reliable and secure as the key itself. Therefore, it is essential to choose a strong key. In addition, it is crucial to keep the key safe.

Note: We should not store the key and the encrypted files in the same location. Otherwise, a hacker who reaches the files can also access the key and easily decrypt the data.

Example

An example of data at rest is customer information stored in a database. The user information includes sensitive data, such as their financial logins. It is ideal to encrypt such data.

In the case of a data breach, the hacker is unable to understand the stored encrypted data. Hence, the data remains secure with the organization.

Types of DARE

We can deploy DARE at four different levels:

  • The application: The application that generates and modifies the data is also responsible for encrypting it.
  • The file system: We encrypt the entire file system and its folders.
  • The database: We encrypt the entire database, or parts of it.
  • The full disk: We encrypt the entire hard drive.

Note: Full disk encryption only works for a new disk. Encrypting an existing disk can wipe out all the data on it.

Copyright ©2024 Educative, Inc. All rights reserved