Data breaches have become one of the biggest risks any business faces in the current era. These incidents aren’t only costly to recover from financially, but they can have a huge impact on a firm's reputation, and can take months or even years to fully recover from.
According to IBM, the average expenses related to an incident reached $4.24 million in 2021 - the highest figure ever recorded in the 17-year history of its report. It cited increased remote working as a key factor in this, while also noting that compromised user credentials are the most common attack vector for these breaches.
With people increasingly looking to access data remotely, it's more important than ever for mission-critical data and personally identifiable information to be kept safe at all times. However, this is no simple task. Data has different security needs depending on where it is and how it's being used, so you need a range of solutions to keep it safe throughout the business.
Understanding the different states of data
The two primary areas where you need to protect data are when it's at rest and when it's in motion - also referred to as data in transit.
Data at rest refers to any information that's not currently being accessed or transferred. It includes files on a hard drive within the business, data left in storage area network archives, database records or files stored on the servers of an offsite backup or cloud service provider.
By contrast, data in motion is any file being transferred from one location to another. This ranges from email messages and attachments to FTP transfers and data uploaded and downloaded to a device via wired or wireless connections.
You should also be aware of a third state - data in use. Protecting this data presents its own set of challenges, as this is often where data is most vulnerable. Issues such as encryption and access control take on a different complexion in this state, as some of the toughest protections will need to be removed in order for information to be used.
However, the majority of your data will spend its time either at rest or in motion, and this is usually where criminal elements will target their efforts. Therefore, it's essential to have a strong understanding of how these two very different states of existence compare, and what unique challenges they present.
Protecting data at rest
Data at rest is where your vital information will spend most of its time, so you need a few key technologies in place to protect it. These include:
- Encryption: The single most important solution for protecting data at rest, full encryption ensures that even if records are compromised, hackers will be unable to read them. Within this, there are a few different options to consider, including full-disk encryption or file-level encryption, which each have their uses for certain situations.
- Access control: Preventing unauthorized access is another key component of protecting data at rest. Solutions such as two-factor authentication, strong password policies and full monitoring services that can send alerts for any suspicious behavior in real-time are all valuable.
- Securing hardware: Access controls should also extend to physical security, whether it’s controlled access to server rooms or having policies in place to protect data stored on mobile devices or laptops, such as automatically wiping data in the event of loss or theft.
There is a range of challenges associated with protecting data at rest. For instance, it can be difficult simply to keep track of where all of a business' data is, what protections it has in place and what regulatory requirements, if any, apply to it.
Users also need to pay particularly close attention to any data held in cloud storage. While most providers offer robust encryption protection, the decryption keys for this will be owned by the storage provider and not by the companies that use their services, meaning they may have less control over their data.
Protecting data in transit
Protecting data when it's on the move, however, comes with a different set of challenges. This is often when data is at its most vulnerable, as it’ll be traveling through a variety of networks that may not all have the same standards of protection, offering criminals a multitude of ways to step in and intercept it.
While the same principles, such as encryption and access control, still apply, how they're implemented in order to protect data without compromising on usability may be very different.
For instance, encryption tools for emails can be hugely useful when sharing confidential data, but this is often not as simple as encrypting data at rest. For this to be useful, the recipient of the email will need the right decryption key in order to view the contents.
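The key dependency described above can be seen with S/MIME-style encryption in the openssl command-line tool. This is an added example, not part of the original article; the mailbox labels, throwaway certificates and message text are constructed for illustration.

```shell
#!/bin/sh
# Added example: the sender needs only the recipient's certificate,
# but reading the message requires the matching private key.
# All labels, certificates and the message are constructed for this demo.

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT   # remove the throwaway keys when the script ends

# Create a short-lived self-signed certificate and private key for one mailbox.
make_identity() {  # $1 = label used for file names and the certificate CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Sender side: encrypts to the recipient's public certificate only.
encrypt_for() {  # $1 = recipient label, $2 = plaintext file, $3 = output file
    openssl smime -encrypt -binary -aes-256-cbc \
        -in "$2" -out "$3" "$work/$1.crt"
}

# Reader side: needs the private key for a certificate the message was
# encrypted to. Prints the plaintext, or exits non-zero if it cannot decrypt.
decrypt_as() {  # $1 = reader label, $2 = encrypted file
    openssl smime -decrypt -in "$2" \
        -recip "$work/$1.crt" -inkey "$work/$1.key" 2>/dev/null
}

make_identity recipient
make_identity outsider    # stands in for anyone else who obtains the message

printf 'Q3 payroll export attached.\n' > "$work/msg.txt"
encrypt_for recipient "$work/msg.txt" "$work/msg.p7m"

echo "recipient reads: $(decrypt_as recipient "$work/msg.p7m")"
if decrypt_as outsider "$work/msg.p7m" >/dev/null; then
    echo "outsider: decrypted (unexpected)"
else
    echo "outsider: cannot decrypt without the recipient's private key"
fi
```

Unlike encrypting a file at rest, where one party holds the key, the sender here has to obtain the recipient's certificate before sending, and the recipient has to keep the private key available on every device used to read mail.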
As more business takes place remotely - either at employees' homes or via mobile devices on the move - it's increasingly important for data to be protected using end-to-end encryption technologies.
This adds an extra level of complexity to the process, but without it, anyone may be able to intercept the data and read it freely, leading to questions about which data needs the highest level of protection. While applying tough encryption to all data is the safest option, this must be balanced against the practical need for easy access. Therefore, auditing data to determine what data will be most vulnerable in motion is crucial.