Data at rest is the state of data when it is stored, rather than moving from one place to another (in transit) or loaded into memory for use by a software program (in use).
"Data at rest" is data currently in storage, typically on a computer's or server's hard disk. Data at rest contrasts with data in transit — also called data in motion — which is the state of data as it travels from one place to another. It also contrasts with data in use — data loaded into memory and actively in use by a software program.
| Type | Where is it? |
|---|---|
| Data at rest | Storage |
| Data in transit | Traveling over networks |
| Data in use | Memory |
Suppose Bob wants to send Alice a picture of a cheeseburger. Bob took the picture on his smartphone, which has stored it ever since — the cheeseburger photo is currently data at rest. Bob views the photo and attaches it to an email, which loads the photo into memory — it becomes data in use (specifically by his phone's photo viewer and email applications). Bob taps "Send," and the email with the attached photo travels over the Internet to Alice's email service; it has become data in transit.
Each state of data — at rest, in transit, in use — faces the risk of discovery or exposure by a malicious party. However, the risks are not the same across all of these states. For instance, data in transit can be intercepted by an unauthorized party, while data at rest cannot, because it does not move.
Data at rest still makes an attractive target for attackers, who may aim to encrypt the data and hold it for ransom, steal the data, or corrupt or wipe the data.
No matter the method, the end goal is to access the data at rest and take malicious action, often with financial gain in mind.
Encryption is the process of scrambling data in such a way that it can only be unscrambled by using a key (a key is a string of randomized values, like "FFBD29F83C2DA1427BD"). Hard disk encryption is the technology used to encrypt data at rest.
Data at rest encryption is like locking away important papers in a safe. Only those with the key can access the stored papers; similarly, only parties with the encryption key can access data at rest.
Encrypting data at rest protects it from negative outcomes like data breaches, unauthorized access, and physical theft. Without the key, the data is useless.
(Note that encryption is also crucial for protecting data in transit. The main technology for encrypting data in transit is Transport Layer Security, or TLS.)
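The following is an added example, not code from the original article, showing what the "safe" analogy looks like in practice: a stored record is encrypted with an authenticated cipher (AES-256-GCM from Go's standard library) so that a copy lifted from disk is useless without the key and any edit to the stored bytes is detected on decryption. The key, the photo bytes and the file path are constructed stand-ins; in a real deployment the key would come from a key management service rather than being generated next to the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a fresh 256-bit AES key. In a real deployment the key comes from a key
// management service or is derived from a passphrase with a KDF; it is never stored next to
// the data it protects, and never hard-coded.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one stored record with AES-256-GCM and returns nonce || ciphertext || tag,
// so everything needed to decrypt (except the key) is kept with the blob. The label is bound
// as associated data: it is authenticated but not encrypted, which ties the blob to its
// storage location (e.g. its file path) so it cannot be silently swapped into another slot.
// GCM requires that a nonce is never reused under the same key; with random 96-bit nonces
// the safe budget is on the order of 2^32 records per key, after which the key is rotated.
func Seal(key, plaintext, label []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce slice, giving nonce || ciphertext || tag.
	return aead.Seal(nonce, nonce, plaintext, label), nil
}

// Open reverses Seal. It fails closed when the key is wrong, the label differs, or any byte
// of the stored blob was altered, so corruption of data at rest is detected rather than
// decrypted into garbage.
func Open(key, blob, label []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("stored blob shorter than a nonce")
	}
	nonce, ciphertext := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ciphertext, label)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed stand-ins for Bob's photo bytes and its path on the phone's storage.
	photo := []byte("JPEG bytes of the cheeseburger photo (constructed)")
	path := []byte("DCIM/cheeseburger.jpg")

	blob, err := Seal(key, photo, path)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes; first 16 bytes of ciphertext: %x\n", len(blob), blob[12:28])

	// The rightful owner, holding the key, recovers the photo.
	if pt, err := Open(key, blob, path); err == nil {
		fmt.Println("decrypted:", string(pt))
	}
	// A single flipped bit in the stored copy is rejected instead of being decrypted.
	blob[len(blob)-1] ^= 0x01
	if _, err := Open(key, blob, path); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}
}
```

Binding the path as associated data is the detail most often skipped: without it, an attacker who can rearrange files on the disk can make the application decrypt the wrong record without any error. Note that this protects the bytes on disk only; once the application has decrypted them, they are data in use, and the key itself must be protected at least as carefully as the data.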
Restricting who can access data is a crucial part of protecting it. The more people who can access data, the greater the chances of a breach. And without strong access controls, unauthorized parties may be able to alter, copy, steal, or destroy data at rest. In fact, many ransomware attacks use lateral movement to acquire the credentials they need to access, and then alter, data at rest.
Identity and access management (IAM) is the practice of managing a user's identity and what they are allowed to do. IAM helps keep data at rest secure by authenticating users and checking their authorization for viewing and editing data at rest.
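As an added example (not from the original article), here is the authorization half of IAM as it would sit in front of stored data, written in Go with only the standard library. Users, roles, the policy and the object keys are all constructed; the user's identity is assumed to have already been authenticated (for instance by a single sign-on login). The gate denies by default, lets an explicit deny override any allow, and records every decision so unauthorized attempts show up in an audit trail.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Action is a bit flag so a Statement can name several actions at once (Read | Write).
type Action uint8

const (
	Read Action = 1 << iota
	Write
	Delete
)

func (a Action) String() string {
	return map[Action]string{Read: "read", Write: "write", Delete: "delete"}[a]
}

// Statement allows or denies Actions on every stored object whose key begins with Prefix.
type Statement struct {
	Effect  string // "allow" or "deny"
	Actions Action
	Prefix  string
}

// Policy maps a role to its statements: default deny, and an explicit deny overrides any allow.
type Policy map[string][]Statement

// Authorize evaluates every statement of every role the caller holds. The caller's identity is
// assumed to be authenticated already; this is only the "what are they allowed to do" half.
func (p Policy) Authorize(roles []string, a Action, key string) (bool, string) {
	allowedBy := ""
	for _, role := range roles {
		for _, st := range p[role] {
			if !strings.HasPrefix(key, st.Prefix) || st.Actions&a == 0 {
				continue
			}
			if st.Effect == "deny" {
				return false, fmt.Sprintf("explicit deny by role %q on prefix %q", role, st.Prefix)
			}
			if allowedBy == "" {
				allowedBy = role
			}
		}
	}
	if allowedBy == "" {
		return false, "no matching allow (default deny)"
	}
	return true, "allowed by role " + allowedBy
}

// Gate is the single choke point in front of a (constructed) object store: every read, write
// or delete of data at rest goes through Access, which consults the policy and logs the decision.
type Gate struct {
	Policy Policy
	Users  map[string][]string // authenticated user -> roles (constructed directory)
	Audit  []string
}

func (g *Gate) Access(user string, a Action, key string) error {
	ok, why := g.Policy.Authorize(g.Users[user], a, key)
	g.Audit = append(g.Audit, fmt.Sprintf("user=%s action=%s key=%s allowed=%t reason=%q", user, a, key, ok, why))
	if !ok {
		return errors.New("access denied: " + why)
	}
	return nil
}

// ExamplePolicy is constructed: HR editors read and write HR records, a backup job and all
// staff may read everything, and contractors are explicitly kept out of HR data even when
// they also hold the staff role.
func ExamplePolicy() Policy {
	return Policy{
		"hr-editor":  {{Effect: "allow", Actions: Read | Write, Prefix: "hr/"}},
		"backup":     {{Effect: "allow", Actions: Read, Prefix: ""}},
		"staff":      {{Effect: "allow", Actions: Read, Prefix: ""}},
		"contractor": {{Effect: "deny", Actions: Read | Write | Delete, Prefix: "hr/"}},
	}
}

func main() {
	g := &Gate{Policy: ExamplePolicy(), Users: map[string][]string{"alice": {"hr-editor"}, "bob": {"staff", "contractor"}}}
	_ = g.Access("alice", Write, "hr/salaries.csv")
	_ = g.Access("bob", Read, "hr/salaries.csv")     // denied: the contractor deny beats the staff allow
	_ = g.Access("mallory", Read, "hr/salaries.csv") // denied: an unknown user holds no roles
	for _, line := range g.Audit {
		fmt.Println(line)
	}
}
```

The two properties worth copying into any real policy engine are visible in Authorize: nothing is permitted unless some statement grants it, and a deny wins regardless of the order in which roles are evaluated. The audit line written for every call, allowed or not, is what lets a security team spot the credential-harvesting and lateral movement the article mentions before data is altered.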
Before the Internet and cloud computing, data at rest was kept on a user's computer or on an organization's on-premises servers. However, as many organizations move to the cloud, their data at rest is stored on remote servers managed by an external vendor. Without direct access to the data, organizations that use cloud infrastructure should evaluate their providers' cloud storage security measures and make sure their cloud deployments are configured correctly.
Cloud security posture management (CSPM) tools can help automate the process of identifying security misconfigurations that could compromise data at rest.
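To make the CSPM idea concrete, here is an added example, not from the original article or any CSPM product, of the kind of automated check such a tool runs: it takes an inventory of storage buckets and flags settings that put data at rest (and, in one case, data in transit) at risk. The bucket schema, the field names and the three sample buckets are constructed; a real tool would pull the equivalent settings from the cloud provider's API.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Bucket is a constructed, provider-neutral snapshot of one storage bucket's settings. A real
// CSPM tool would fill it from the cloud provider's API; these field names are assumptions.
type Bucket struct {
	Name           string `json:"name"`
	PublicAccess   bool   `json:"public_access"`
	Encryption     string `json:"encryption"` // "none", "provider-managed" or "customer-managed"
	Versioning     bool   `json:"versioning"`
	AccessLogging  bool   `json:"access_logging"`
	AllowPlainHTTP bool   `json:"allow_plain_http"`
}

// Finding is one misconfiguration on one bucket.
type Finding struct {
	Bucket   string
	Rule     string
	Severity string
	Message  string
}

type rule struct {
	id, severity, message string
	failed                func(Bucket) bool
}

// rules is the check list; each one maps a setting to a concrete risk to the stored data.
var rules = []rule{
	{"public-access", "critical", "bucket contents are readable by anyone on the Internet",
		func(b Bucket) bool { return b.PublicAccess }},
	{"no-encryption", "high", "data at rest is not encrypted",
		func(b Bucket) bool { return b.Encryption == "none" }},
	{"plain-http", "high", "objects can be fetched without TLS, exposing data in transit",
		func(b Bucket) bool { return b.AllowPlainHTTP }},
	{"no-versioning", "medium", "versioning off: overwritten or deleted objects cannot be restored from the bucket",
		func(b Bucket) bool { return !b.Versioning }},
	{"no-logging", "medium", "access logging off: unauthorized reads leave no trail",
		func(b Bucket) bool { return !b.AccessLogging }},
}

// Evaluate runs every rule over every bucket and returns the findings.
func Evaluate(buckets []Bucket) []Finding {
	var out []Finding
	for _, b := range buckets {
		for _, r := range rules {
			if r.failed(b) {
				out = append(out, Finding{b.Name, r.id, r.severity, r.message})
			}
		}
	}
	return out
}

// EvaluateJSON parses a JSON inventory (an array of Bucket objects) and evaluates it.
func EvaluateJSON(raw []byte) ([]Finding, error) {
	var buckets []Bucket
	if err := json.Unmarshal(raw, &buckets); err != nil {
		return nil, err
	}
	return Evaluate(buckets), nil
}

// BySeverity tallies findings so the most urgent misconfigurations are addressed first.
func BySeverity(fs []Finding) map[string]int {
	counts := map[string]int{}
	for _, f := range fs {
		counts[f.Severity]++
	}
	return counts
}

// SampleInventory is constructed input standing in for an export from a provider's API.
const SampleInventory = `[
  {"name": "public-marketing-assets", "public_access": true,  "encryption": "provider-managed",
   "versioning": false, "access_logging": false, "allow_plain_http": true},
  {"name": "hr-records",              "public_access": false, "encryption": "customer-managed",
   "versioning": true,  "access_logging": true,  "allow_plain_http": false},
  {"name": "legacy-backups",          "public_access": false, "encryption": "none",
   "versioning": true,  "access_logging": false, "allow_plain_http": false}
]`

func main() {
	findings, err := EvaluateJSON([]byte(SampleInventory))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("[%s] %s: %s (%s)\n", f.Severity, f.Bucket, f.Message, f.Rule)
	}
	fmt.Println("totals by severity:", BySeverity(findings))
}
```

Run against the sample inventory, the correctly configured hr-records bucket produces no findings, while the other two surface six between them, led by the publicly readable marketing bucket. The value of a scheduled check like this is less the rule list itself than the fact that it runs on every change: a bucket that was private yesterday and public today is caught by the next run, not by a breach notification.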
Additionally, Cloudflare Zero Trust protects data at rest whether it is stored locally or remotely in the cloud. Learn more about how Cloudflare Zero Trust helps control access, filter out malicious web traffic, and verify devices for better organizational security.