What do "data at rest encryption" and "data in transit encryption" mean?

Sources: digitalguardian.com; alertboot.com

What Is Data At Rest Encryption?

Data at rest encryption means protecting data that is not moving through networks; in this case the protection is provided by encryption.

The easiest way to answer this question is to explain what "data at rest" means.

Data at rest refers to data that is not "moving." For example, information on your laptop is considered data at rest. Sure, your laptop is a mobile device, so it's natural that the laptop and its content will be moving at some point. However, as long as the data is not moving off the laptop's hard disk drive, it's considered data at rest.

If you copy the data to a USB memory stick, then you’ve got two sets of data at rest: one on the laptop’s hard disk, one on the USB memory stick.

Conversely, data moving through networks is not considered data at rest. For example, if you send an e-mail, that's not data at rest. If the e-mail is received and archived, then it's data at rest.

As you can see from the above example, whether data is at rest or not depends on what that data is doing.

Why the classification?

Not quite sure why data is classified as at rest or otherwise (Updated 24 May 2011: see below, next section). It may be because, depending on what type of encryption you use, your data may not be adequately protected.

Take full disk encryption as an example. Full disk encryption encrypts the hard drive completely: anything saved on an encrypted hard drive will be protected automatically, as long as it resides on the drive.

To clarify that last point: if you copy a file off the encrypted hard drive or e-mail it to someone, that copy will no longer be encrypted. The copy left behind on the hard drive is still protected, since it is still on the encrypted drive; the new file that was copied off it is not.

It's like paper documents: a classified report placed in a locked vault is protected. Take it out, and it's much less so.

If you’d like encryption that moves with the file, you need to use file encryption software.

So, depending on whether your data is at rest or not, you’ll need to invest in the right type of encryption software.
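The difference between full disk encryption and file encryption described above, as an added illustration that is not from the original page or either of its sources: a model of an encrypted volume that decrypts transparently on read, so an ordinary copy to an unencrypted USB stick lands as plaintext, beside file-level encryption whose ciphertext travels with the file. The EncryptedVolume, copy_to_usb and file_encrypt names, the dict standing in for the USB stick, and the HMAC-based toy stream cipher are all assumptions made for this demonstration, not real products or a production cipher.

```python
import hashlib, hmac, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); an assumed demo construction, not for real use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class EncryptedVolume:
    """Model of a full-disk-encrypted drive: encrypts on write, decrypts transparently on read."""
    def __init__(self, key: bytes):
        self.key, self.store = key, {}          # path -> (nonce, ciphertext): what the platters hold
    def write(self, path: str, plaintext: bytes) -> None:
        nonce = os.urandom(16)
        self.store[path] = (nonce, keystream_xor(self.key, nonce, plaintext))
    def read(self, path: str) -> bytes:         # the OS, and any copy command, reads through this
        nonce, ciphertext = self.store[path]
        return keystream_xor(self.key, nonce, ciphertext)
    def raw_sectors(self, path: str) -> bytes:  # what a pulled drive shows without the volume key
        return self.store[path][1]

def copy_to_usb(src: EncryptedVolume, path: str, usb: dict, dst_path: str) -> None:
    """Ordinary file copy to an unencrypted stick (modelled as a dict that stores the bytes it is given)."""
    usb[dst_path] = src.read(path)              # FDE decrypts on the way out; the stick gets plaintext

def file_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + keystream_xor(key, nonce, plaintext)   # the ciphertext IS the file, wherever it is copied

def file_decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:16], blob[16:])

def demo() -> dict:
    secret = b"classified report"               # constructed sample content
    laptop, usb = EncryptedVolume(os.urandom(32)), {}
    laptop.write("/home/report.txt", secret)            # relies on full disk encryption only
    copy_to_usb(laptop, "/home/report.txt", usb, "/report.txt")
    file_key = os.urandom(32)
    laptop.write("/home/report.enc", file_encrypt(file_key, secret))   # file-level encryption
    copy_to_usb(laptop, "/home/report.enc", usb, "/report.enc")
    return {
        "fde_copy_left_on_laptop_is_ciphertext": laptop.raw_sectors("/home/report.txt") != secret,
        "fde_copy_on_usb_is_plaintext": usb["/report.txt"] == secret,
        "file_enc_copy_on_usb_is_ciphertext": usb["/report.enc"] != secret,
        "file_enc_copy_on_usb_opens_with_file_key": file_decrypt(file_key, usb["/report.enc"]) == secret,
    }
```

Running demo() returns True for all four checks: the copy left on the full-disk-encrypted laptop is still ciphertext, the copy on the stick is plaintext, while the file-encrypted report stays ciphertext on the stick and only opens with its own key.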

Definition of data in transit vs. data at rest

Data in transit, or data in motion, is data actively moving from one location to another, such as across the internet or through a private network. Protecting data in transit means protecting it while it travels from network to network or is transferred from a local storage device to cloud storage. Wherever data is moving, effective protection measures for data in transit are critical, because data is often considered less secure while in motion.

Data at rest is data that is not actively moving from device to device or network to network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion. The risk profile for data in transit or data at rest depends on the security measures that are in place to secure data in either state.

Protecting sensitive data both in transit and at rest is imperative for modern enterprises as attackers find increasingly innovative ways to compromise systems and steal data.