Data at Rest vs Data in Motion: Understanding the need for encryption to protect sensitive information

Written By Antoine Harb, Team Leader, Middle East, Kingston Technology

There is no denying that the protection of digitally stored data is of utmost importance, whether a company operates in healthcare, energy, financial services, automotive, or any other industry.

With the emerging threat of cyberattacks, companies are urged to take the necessary measures to protect data in its different states, including “data at rest” and “data in motion”. Before deploying security measures, it’s important to understand the difference between these two states of data.

Data in motion, also commonly known as data in transit, is basically the data that is transferred between two different locations or devices, whether it’s within a private network, through the internet, or with the use of removable storage devices. The daily activities that occur within a company such as sending emails, and transferring data from your smartphone or an office PC to cloud-based applications, etc., all fall under the data in motion category.

From a cyber security standpoint, however, this data is vulnerable if it’s not properly secured. Unprotected data can be captured and compromised by unauthorised users or malicious programs. This is where the importance of end-to-end encryption comes into play. Encrypting the transmitted files makes the data unreadable to cybercriminals.

Companies are advised to make use of industry-proven applications that use FIPS-compliant encryption standards and employees should follow strict policies which include the use of only company-approved apps on office systems and smartphones. Large organisations are also encouraged to add extra layers of security policies that define the type of data that can be accessed and sent over the network for each employee to prevent any misuse or theft of sensitive data.

While data in motion involves the information traveling between different locations, data at rest is basically digital information that is stored at a single location such as office-owned desktop or laptop SSDs, smartphone memory, or even archived in external backup drives or data servers.

A great example of data at rest relates to large organisations that often make secure backups of critical files such as spreadsheets, sales figures, project files, pitch ideas, employee salaries, and customer information on servers. Companies can choose to have the servers on-premises or to use a secure cloud-based solution, depending on their infrastructures and resources available.

“Many companies rely on solutions that offer the swift, smooth, and secure transition of operating systems while allowing localised back-up of user and company data”.

For both data at rest and data in motion, it is always recommended to transfer the files or make backup copies with secure storage solutions that feature encrypted hardware. The Kingston IronKey Keypad 200 is an excellent and secure USB drive that offers FIPS 140-3 Level 3 (pending) certified military-grade security and XTS-AES 256-bit hardware-based encryption. The device features a special physical keypad to enter the passphrase and unlock it before plugging it into any system, ensuring that the data at rest remains secured.

“Keeping data safe is critical, especially the data that exists locally with your employees. Encrypted USBs can be very effective here, helping ensure that sensitive data can be stored and transferred as securely as possible. Secure data backups are essential for any small and medium enterprise. Remember, malicious threats and hackers don’t always want to steal your data, but sometimes use ransomware where the end-goal is to encrypt or erase it. Data recovery resilience is key”, said Antoine Harb, Team Leader Middle East for Kingston Technology.

While SSDs help to boost the performance of office desktops and laptops, it’s recommended to use internal drives with robust security. The Kingston KC600 SATA SSD is the preferred choice here, featuring the Self-Encrypting Drive (SED) functionality and support for AES 256-bit encryption, TCG Opal 2.0, and eDrive. Companies can also consider using encrypted external SSDs for data at rest. One such device is the Kingston IronKey Vault Privacy 80, a FIPS 197 certified and XTS-AES 256-bit encrypted external SSD that uses a TAA-compliant and CC EAL5+ certified secure microprocessor.

Whether employees of a company are working in a hybrid working environment, working from home, from a remote location, using a mobile device, or at the office premises itself, strong and proven encryption solutions for data should be adopted, and this applies to both data at rest and data in motion for small, medium and large-scale organisations.
