States of Data – CompTIA Security+ SY0-701 – 3.3

The state of data is an important security consideration. In this video, you’ll learn about data at rest, data in transit, data in use, and more.


The first state of data we'll look at is data stored on a storage device: a hard drive, an SSD, a flash drive, a backup tape, or anything else that holds data when nobody is actively working with it. We refer to this as data at rest. Whether or not that stored data is encrypted, it is still considered data at rest.

Of course, if you're saving data on one of these storage devices, you'll probably want some level of encryption. This could be full disk encryption, where everything on the storage device is encrypted. You might instead encrypt only certain fields or columns that you're storing in a database, so the sensitive values are protected while the rest of the row stays usable. And your operating system can usually encrypt individual files or entire folders as well. Keep in mind that encryption only protects the data while the key is unavailable: once a system is booted and the volume is unlocked, anyone the file system lets read a file will see the plaintext.

Once this data at rest is on these devices, we can also apply rights and permissions to limit who has access to it. In most operating systems you can assign rights to individual users or to groups, and then assign permissions that control what type of access each of them has to that data. Encryption and permissions complement each other: permissions decide who the running system will let read a file, and encryption protects the data if the disk is pulled, copied into a backup, or the permission checks are bypassed.
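As an added example (not part of the original video), here is what the "encrypt certain fields in a database" option looks like in application code. It uses AES-256-GCM from Go's standard library to protect one column of a hypothetical customer record, binding the column name to the ciphertext as additional authenticated data. The record layout, column names and test card number are assumptions for the example, and the key would come from a key-management service rather than being generated inside the program.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Record is a hypothetical database row. Only the PAN is sensitive, so only
// that column is encrypted; the rest of the row stays queryable.
type Record struct {
	CustomerID   string
	EncryptedPAN string // base64(nonce || ciphertext || tag); the plaintext is never stored
}

// sealField encrypts one sensitive value with AES-256-GCM. The column name is
// bound in as additional authenticated data, so a ciphertext copied from one
// column (or one table) cannot be decrypted as if it belonged to another.
func sealField(key []byte, column string, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per value; never reuse one under the same key
		return "", err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(column))
	return base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// openField reverses sealField. A wrong key, a modified ciphertext or a value
// bound to a different column all fail the GCM tag check and return an error.
func openField(key []byte, column, stored string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize() {
		return nil, errors.New("stored value too short to contain a nonce")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(column))
}

func main() {
	// Assumption: in production the key comes from a KMS or HSM and is never
	// generated or hard-coded in the application.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	rec := Record{CustomerID: "c-1001"} // constructed sample row
	stored, err := sealField(key, "pan", []byte("4111111111111111")) // well-known test card number
	if err != nil {
		panic(err)
	}
	rec.EncryptedPAN = stored
	fmt.Println("stored in the pan column:", rec.EncryptedPAN)

	pan, err := openField(key, "pan", rec.EncryptedPAN)
	fmt.Printf("decrypted: %s (err=%v)\n", pan, err)

	// The same bytes pasted into a different column fail authentication.
	_, err = openField(key, "ssn", rec.EncryptedPAN)
	fmt.Println("read back as ssn column:", err)
}
```

Because each value gets its own random nonce and an authentication tag, identical card numbers produce different ciphertexts, and any bit flipped in the stored value (or a ciphertext moved into the wrong column) fails to decrypt rather than silently yielding garbage. What this does not give you is searchability: you cannot query on an encrypted column without a separate index or a deterministic scheme, which is one reason to encrypt only the fields that really need it.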

If you're transferring information across the network, we refer to it as data in transit, or sometimes data in motion. If the data isn't encrypted as it traverses the network, there's very little to stop someone who taps into that link from reading it. So as the data passes through switches, routers, firewalls, and other devices, you want to be sure you're applying the proper level of encryption or some other protection.

Firewalls and intrusion prevention systems are one layer of protection for data in transit. They let you set policies that allow known-good traffic to pass while blocking anything unknown or unusual. Note that this controls which traffic is allowed to cross the network; it does nothing to hide the contents of the traffic that is allowed through, so it is not a substitute for encryption.

To actually protect the contents of data in transit, you'll use encryption. One option is TLS, Transport Layer Security, which encrypts the session between a client and a web server (or any other TLS-capable application). If you'd rather encrypt all traffic between two locations regardless of application, you'd use a VPN, such as a site-to-site VPN built on IPsec, Internet Protocol Security. The two are often combined: IPsec protects everything crossing the link between sites, and TLS still protects each application session end to end.
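To make the data-in-transit point concrete, here is an added example (not from the original video) that runs a TLS client and server over loopback in Go, with a wrapper on the server socket that records every byte it receives, standing in for someone tapping the link. The hostname, the self-signed certificate and the card-number message are assumptions for the example; a production server would use a certificate from a CA its clients already trust.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

const serverHost = "pos.example.internal" // hypothetical server name

// tap records every byte the server reads, standing in for a sniffer on the link.
type tap struct {
	net.Conn
	seen *bytes.Buffer
}

func (t *tap) Read(p []byte) (int, error) {
	n, err := t.Conn.Read(p)
	t.seen.Write(p[:n])
	return n, err
}

// selfSignedCert mints a one-hour certificate for serverHost so the example runs offline.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{serverHost}, // the name the client will check
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts exactly this certificate
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool, nil
}

// exchange sends message over TLS to a loopback server and returns what the
// server decrypted plus everything the tap saw on the wire. serverName is the
// name the client insists on finding in the certificate; a mismatch fails the handshake.
func exchange(serverName, message string) (string, []byte, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return "", nil, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", nil, err
	}
	defer ln.Close()
	wire := &bytes.Buffer{}
	got := make(chan string, 1)
	go func() { // server side
		raw, err := ln.Accept()
		if err != nil {
			got <- ""
			return
		}
		defer raw.Close()
		srv := tls.Server(&tap{Conn: raw, seen: wire},
			&tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
		data, _ := io.ReadAll(srv) // the handshake runs on the first Read
		got <- string(data)
	}()
	conn, err := net.DialTimeout("tcp", ln.Addr().String(), 2*time.Second)
	if err != nil {
		return "", nil, err
	}
	cli := tls.Client(conn, &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12})
	if err := cli.Handshake(); err != nil {
		conn.Close()
		<-got
		return "", wire.Bytes(), err
	}
	cli.Write([]byte(message)) // encrypted under the session keys
	cli.Close()                // close_notify lets the server's ReadAll return cleanly
	return <-got, wire.Bytes(), nil
}

func main() {
	msg := "PAN=4111111111111111" // constructed test card number
	data, wire, err := exchange(serverHost, msg)
	fmt.Printf("decrypted=%q err=%v plaintext-on-wire=%v\n", data, err, bytes.Contains(wire, []byte(msg)))
}
```

When run, the server decrypts the message, the captured wire bytes do not contain the plaintext, and a client that expects a different server name (try `exchange("other.example.invalid", msg)`) fails the handshake before sending anything. Note what the tap still sees: the server name (SNI) in the ClientHello is sent unencrypted, so TLS hides the content but not necessarily which host you are talking to.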

To work with data inside a computer, we pull it from a storage device such as a hard drive or an SSD, load it into memory, and then manipulate it with the CPU. When data is in RAM or is being actively processed by the CPU, we refer to it as data in use. Data in RAM or in CPU registers is almost always in a decrypted, plaintext form, because the processor has to see the actual values to operate on them. The exceptions are hardware features such as memory encryption and confidential-computing enclaves, which keep memory encrypted outside the CPU, but even there the CPU works on plaintext. That's why attackers like to go after data in use: if it's in RAM, it's probably in a format that's easily readable.

A well-known attack on data in use was the breach of the Target Corporation in November 2013. The attackers installed memory-scraping malware on point-of-sale terminals across Target's stores and captured roughly 40 million payment card numbers (along with personal data on about 70 million customers) from the memory of those terminals. Target was encrypting data in transit and data at rest, but because the attackers went after the data in use, they could read card numbers at the moment they were unencrypted in the terminal's memory.
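As an added example (not from the original video), the following Go program shows why data in use is such an attractive target and what a memory scraper like the one used against point-of-sale terminals actually looks for: runs of digits that pass the Luhn check. The memory image is constructed for the example from well-known test card numbers, and the same scanning logic is what a forensic examiner or a DLP tool would use to find card data in a memory dump.

```go
package main

import "fmt"

// luhnValid reports whether a digit string passes the Luhn check that
// payment card numbers are issued to satisfy.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- { // walk from the check digit leftwards
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// findPANs scans a raw memory buffer for runs of 13 to 19 ASCII digits that
// pass Luhn. That is the heuristic a RAM scraper uses to pick card numbers
// out of a payment process, and the one a memory forensics tool uses to find them.
func findPANs(mem []byte) []string {
	var found []string
	start := -1 // index where the current digit run began, -1 if none
	for i := 0; i <= len(mem); i++ {
		if i < len(mem) && mem[i] >= '0' && mem[i] <= '9' {
			if start < 0 {
				start = i
			}
			continue
		}
		if start >= 0 { // a digit run just ended at i
			run := string(mem[start:i])
			if len(run) >= 13 && len(run) <= 19 && luhnValid(run) {
				found = append(found, run)
			}
			start = -1
		}
	}
	return found
}

// constructedHeap is a made-up snapshot of what a payment application's
// memory might hold after a few transactions. The card numbers are
// well-known published test numbers, not real accounts.
func constructedHeap() []byte {
	return []byte("txn=88213\x00cust=J. Doe\x00pan=4111111111111111\x00exp=2512\x00" +
		"track2=;5555555555554444=2512101?\x00" +
		"order=4111111111111112\x00" + // 16 digits that fail Luhn: not a card
		"phone=5551234567\x00amex=378282246310005\x00")
}

// scrub overwrites a buffer once the data has been processed, shrinking the
// window in which a scraper can find plaintext. It cannot reach copies the
// runtime, the garbage collector or the OS (swap, crash dumps) may have made.
func scrub(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	heap := constructedHeap()
	fmt.Println("before scrub:", findPANs(heap))
	scrub(heap)
	fmt.Println("after scrub: ", findPANs(heap))
}
```

Scrubbing the buffer after the transaction shortens the window, but as the comment notes it is not a complete defence: the process can be scraped between decryption and scrubbing, and the runtime may hold copies. The real fixes for a payment terminal are to keep the card number out of the terminal's addressable memory altogether, for example by encrypting it inside the card reader, and to make sure unknown code cannot run on the terminal in the first place.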

If your organization stores data anywhere in the world, then you've probably run across the issue of data sovereignty. Data sovereignty means that information stored inside a country is subject to the laws and rules of that country. This is especially important if that country has particular rules or regulations governing how the data must be handled, and if there are any legal proceedings or court orders, they will follow the laws of that particular country.

You also have to consider laws that restrict where data may be stored or transferred. For example, the General Data Protection Regulation, or GDPR, is a European Union regulation covering the personal data of people in the EU. It doesn't strictly require that data to be stored in the EU, but it does restrict transferring it to countries outside the EU and EEA unless safeguards are in place, such as an adequacy decision for the destination country or standard contractual clauses, and keeping the data in the EU is often the simplest way to comply.

There are many other important legal considerations in the GDPR, and if you operate in the EU it's an important regulation to become familiar with. So if your organization is in one of these geographies, or you have offices around the world, you'll want to know the data sovereignty rules for each geography where you store data.

Another useful piece of information when managing states of data is where that data happens to be and where the user happens to be. And one way that you can tell this information is by using geolocation. Geolocation involves a number of different technologies to determine where someone may be located.

For example, it could use GPS, but it can also use nearby Wi-Fi (802.11) access points or cell-tower details from a mobile provider, and for a remote connection it is often just the country that the client's IP address is registered to. Once a user's location has been identified, you can use it to determine what type of access that user gets to data. You may have seen this with streaming media: if you try to watch a television channel from another country, you may get a message that you're not allowed because you're not currently located in that country.

We can also apply different levels of control over the data depending on someone's geolocation. For example, if we can determine that they're inside a corporate building, we may allow them more access to data than they would have outside the building. Since reported locations can be spoofed (GPS, Wi-Fi positioning and IP geolocation can all be faked or routed through a VPN), treat location as one signal in an access decision rather than the only one.
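As an added example (not from the original video), here is a geolocation-based access decision in Go: a haversine geofence around assumed corporate sites grants full access, a location elsewhere in the country where the data must stay grants read-only access, and anything else is denied. The site coordinates, radii, country codes and the policy itself are assumptions for the example; a real deployment would feed it the location reported by the device or an IP geolocation service, which is untrusted input.

```go
package main

import (
	"fmt"
	"math"
)

// Location is a latitude/longitude pair in decimal degrees, as a geolocation
// service (GPS, Wi-Fi, cell tower or IP lookup) would report it.
type Location struct{ Lat, Lon float64 }

// Site is a corporate building with a geofence radius around it.
type Site struct {
	Name    string
	Center  Location
	RadiusM float64
}

type Access int

const (
	Deny Access = iota
	ReadOnly
	Full
)

func (a Access) String() string { return [...]string{"deny", "read-only", "full"}[a] }

// haversineM returns the great-circle distance in metres between two points.
func haversineM(a, b Location) float64 {
	const earthRadiusM = 6371000.0
	rad := func(deg float64) float64 { return deg * math.Pi / 180 }
	dLat, dLon := rad(b.Lat-a.Lat), rad(b.Lon-a.Lon)
	h := math.Pow(math.Sin(dLat/2), 2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Pow(math.Sin(dLon/2), 2)
	return 2 * earthRadiusM * math.Asin(math.Sqrt(h))
}

// decide maps a user's reported position to an access level for data that is
// tied to dataCountry: inside a site geofence gives full access, anywhere else
// in the same country gives read-only, and any other country is denied.
// userCountry is the ISO country code the geolocation service returned.
func decide(user Location, userCountry, dataCountry string, sites []Site) (Access, string) {
	for _, s := range sites {
		if d := haversineM(user, s.Center); d <= s.RadiusM {
			return Full, fmt.Sprintf("inside %s geofence (%.0f m from centre)", s.Name, d)
		}
	}
	if userCountry == dataCountry {
		return ReadOnly, "in " + dataCountry + " but outside any corporate site"
	}
	return Deny, "located in " + userCountry + ", data must stay in " + dataCountry
}

// corporateSites are assumed coordinates used only for this example, not real offices.
var corporateSites = []Site{
	{Name: "London HQ", Center: Location{51.5007, -0.1246}, RadiusM: 150},
	{Name: "Manchester office", Center: Location{53.4808, -2.2426}, RadiusM: 100},
}

func main() {
	cases := []struct { // constructed sample users
		who     string
		at      Location
		country string
	}{
		{"desk in London HQ", Location{51.5008, -0.1244}, "GB"},
		{"cafe in Birmingham", Location{52.4862, -1.8904}, "GB"},
		{"hotel in Paris", Location{48.8566, 2.3522}, "FR"},
	}
	for _, c := range cases {
		a, why := decide(c.at, c.country, "GB", corporateSites)
		fmt.Printf("%-20s -> %-9s (%s)\n", c.who, a, why)
	}
}
```

Treat the result as one signal in a larger decision. GPS can be spoofed, Wi-Fi positioning can be fed fake access points, and IP geolocation is defeated by a VPN, so pair location with device identity and user authentication rather than gating data on location alone.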