What is data at rest?

Data at rest is the state of data when it is stored, rather than moving from one place to another (in transit) or loaded into memory for use by a software program (in use).

Learning Objectives

After reading this article you will be able to:

  • Define data at rest
  • Differentiate between data at rest, data in transit, and data in use
  • Describe security measures for protecting data at rest


What is data at rest?

"Data at rest" is data currently in storage, typically on a computer's or server's hard disk. Data at rest contrasts with data in transit — also called data in motion — which is the state of data as it travels from one place to another. It also contrasts with data in use — data loaded into memory and actively in use by a software program.

Type              Where is it?
Data at rest      Storage
Data in transit   Traveling over networks
Data in use       Memory

Suppose Bob wants to send Alice a picture of a cheeseburger. Bob took the picture on his smartphone, which has stored it ever since — the cheeseburger photo is currently data at rest. Bob views the photo and attaches it to an email, which loads the photo into memory — it becomes data in use (specifically by his phone's photo viewer and email applications). Bob taps "Send," and the email with the attached photo travels over the Internet to Alice's email service; it has become data in transit.

What dangers does data at rest face?

Each state of data — at rest, in transit, in use — faces the risk of discovery or exposure by a malicious party. However, the risks are not the same across all of these states. For instance, data in transit can be intercepted by an unauthorized party, while data at rest cannot, because it does not move.

Data at rest still makes an attractive target for attackers, who may aim to encrypt the data and hold it for ransom, steal the data, or corrupt or wipe the data.

No matter the method, the end goal is to access the data at rest and take malicious action, often with financial gain in mind:

  • Ransomware is a type of malware that, once it enters a system, encrypts data at rest, rendering it unusable. Ransomware attackers decrypt the data once the victim pays a fee.
  • A data breach can occur if data at rest is moved or leaked into an unsecured environment. Data breaches can be intentional, as when an external attacker or malicious insider purposefully accesses the data to copy or leak it. They can also be accidental, such as when a server is left exposed to the public Internet, leaking the data stored within.
  • Unauthorized or excessive access to data at rest also puts it at risk. Attackers may fake or steal credentials to gain access.
  • Physical theft can impact data at rest if someone steals the laptop, tablet, smartphone, or other device on which the data at rest lives.

What is data at rest encryption?

Encryption is the process of scrambling data in such a way that it can only be unscrambled by using a key (a key is a string of randomized values, like "FFBD29F83C2DA1427BD"). Hard disk encryption is the technology used to encrypt data at rest.

Data at rest encryption is like locking away important papers in a safe. Only those with the key can access the stored papers; similarly, only parties with the encryption key can access data at rest.

Encrypting data at rest protects it from negative outcomes like data breaches, unauthorized access, and physical theft. Without the key, the data is useless.

(Note that encryption is also crucial for protecting data in transit. The main technology for encrypting data in transit is Transport Layer Security (TLS).)

How does identity and access management (IAM) protect data at rest?

Restricting who can access data is a crucial part of protecting it. The more people who can access data, the greater the chances of a breach. And without strong access controls, unauthorized parties may be able to alter, copy, steal, or destroy data at rest. In fact, many ransomware attacks use lateral movement to acquire the credentials they need to access, and then alter, data at rest.

Identity and access management (IAM) is the practice of managing a user's identity and what they are allowed to do. IAM helps keep data at rest secure by authenticating users and checking their authorization for viewing and editing data at rest.

Why is protecting data at rest important in cloud computing?

Before the Internet and cloud computing, data at rest was kept on a user's computer or on an organization's on-premises servers. However, as many organizations move to the cloud, data at rest is stored on remote servers managed by an external vendor. Without direct access to the data, organizations that use cloud infrastructure should evaluate their providers' cloud storage security measures and make sure their cloud deployments are configured correctly.

Cloud security posture management (CSPM) tools can help automate the process of identifying security misconfigurations that could compromise data at rest.

Additionally, Cloudflare Zero Trust protects data at rest whether it is stored locally or remotely in the cloud. Learn more about how Cloudflare Zero Trust helps control access, filter out malicious web traffic, and verify devices for better organizational security.