Data encryption at rest, in transit, and in use
1. Data encryption at rest, in transit, and in use
Data encryption protects your data at rest, in use, and in transit data. But how does at rest encryption work? In this video, we’ll explore encryption techniques for the three states of data. Remember, data at rest is any data that is not currently being accessed. Data at rest needs to be encrypted to be secure. Data encryption is the process of converting data from a readable format to an encoded format. For example, a readable format might be a plain text email. And, an encoded format might be scrambled text and symbols that don’t make any logical sense to a reader. The Advanced Encryption Standard, or AES is the world standard encryption tool that helps protect data at rest. AES is a tool that converts data to unintelligible cybertext and back into its original form with the proper key. This means that AES encrypts information while at rest, and this information can only be unencrypted with a key. Encryption helps keep data protected with data encryption keys, or DEKs. Even if an attacker gets access to the data storage, they won’t be able to read any of it without the appropriate keys. Another way to protect data at rest is to break it into chunks for storage. Each of these chunks get their own DEKs. Each time a chunk is updated, it gets a new encryption key. Because there are a variety of keys that change regularly, the risk of an encryption key compromise is reduced or eliminated. It’s not just data at rest that needs to be protected. Data in transit also needs to be protected by encryption. You can use Transport Layer Security or TLS to encrypt data in transit to keep it secure. TLS is a security protocol that encrypts data transmitted between two communicating applications. TLS is often used to encrypt data sent over the Internet to ensure that unauthorized users are unable to read what has been transmitted. This is critical when transmitting private and sensitive information, such as passwords, credit card numbers, and personal correspondence. For example, say you’re using a mobile banking app. If you transfer money to another account or pay a bill with the banking app, TLS will help to ensure that your sensitive information -like your account number- is transmitted securely over the internet when you make the transfer. Encrypted data is useless to any attackers, because they’re not able to read it. Lastly, you will need to encrypt data in use. Confidential computing is one way to do this. Confidential computing is the protection of data in use with hardware-based Trusted Execution Environment, or TEE. To encrypt data, a TEE offers a secure and isolated environment that prevents unauthorized access, or modification of applications and data, while they are in use. A TEE is secured through embedded encryption keys and only authorized code can utilize these keys. Now that you know how different types of data encryption protect data at rest, in transit, and in use, you will be able to help secure different states of data as a cloud security professional.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.