Best Practices: Securing Data at Rest, in Use, and in Motion

Sensitive business data is more vulnerable today than ever before. Corporate trade secrets, national security information, personal medical records, Social Security and credit card numbers are all stored, used, and transmitted online and through connected devices. The proliferation of valuable data provides cybercriminals with an increasingly wide range of opportunities to monetize stolen information and intellectual property. In addition, foreign governments and organized crime rings have embraced hacking as one of their most potent tools. Organizations are also at risk from insider threats and social engineering attacks. A negligent or disgruntled employee can expose confidential information even faster than a hacker if there aren’t adequate safeguards in place to prevent the accidental or intentional release of sensitive data.

Security is critical, but it can’t come at the expense of your ability to complete daily tasks. For over 20 years, DataMotion has led the information security industry in cutting-edge data and email security, providing pre-built solutions and APIs that offer flexibility, security, and ease of use while enabling compliance across industries. In this article, we’ll examine best practices around securing data at rest, in use, and in motion as well as how to conduct a holistic data security risk assessment. We will also show you how DataMotion’s secure messaging and document exchange solutions keep your data platforms safe.

The Three Critical Components of a Total Information Security Strategy

Data needs to be secured in three states: at rest, in use, and in motion. Each state presents unique security challenges.

Data at Rest

Data is considered to be “at rest” when it is stored on a hard drive. In this relatively secure state, sensitive information such as Personally Identifiable Information (PII), Personal Health Information (PHI), and otherwise confidential enterprise data is primarily protected by conventional, perimeter-based defenses such as firewalls and anti-virus programs. However, these barriers are not impenetrable, and a data breach is still possible. Organizations need additional layers of defense to protect sensitive data from intruders in the event that the network is compromised.

Encrypting hard drives is one of the best, most effective ways to ensure the security of your enterprise’s data while at rest. In the event of a data breach, your data will be rendered unreadable to cybercriminals, making it worthless. There are other steps you can take that also help, such as storing individual data elements in separate locations. This extra step greatly decreases the likelihood of attackers gaining enough information to commit fraud or other crimes. One way in which DataMotion mitigates risk in this area is through our zero-trust security approach, which goes beyond perimeter protection, offering high-level data security from the inside out.
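The two ideas in this section, encrypting stored data and keeping its parts in separate locations, can be shown concretely. The following Go program is an added example written for this article; it is not DataMotion code and says nothing about how their platform works. It seals a record with AES-256-GCM, keeps the key out of the stored record (so a stolen copy of the data files alone is worthless), and binds the ciphertext to its record ID so that a ciphertext swapped between records or altered on disk fails authentication. The `SealedRecord` type, the record IDs and the sample plaintext are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SealedRecord is the hypothetical on-disk form of one record: ciphertext plus
// the nonce used for it. The key is deliberately NOT stored alongside it; it
// lives in a separate key store, so the data files by themselves are unreadable.
type SealedRecord struct {
	ID         string
	Nonce      []byte
	Ciphertext []byte
}

// NewDataKey returns a fresh random 256-bit key for AES-256-GCM.
func NewDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under key with a fresh random nonce. The record ID is
// passed as additional authenticated data, so a ciphertext copied from one
// record into another will not decrypt.
func Seal(key []byte, id string, plaintext []byte) (*SealedRecord, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(id))
	return &SealedRecord{ID: id, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts a record and verifies its authentication tag. Any change to the
// ciphertext, nonce, or record ID, or use of the wrong key, is rejected.
func Open(key []byte, rec *SealedRecord) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.ID))
	if err != nil {
		return nil, errors.New("record failed authentication: wrong key, wrong record ID, or tampered data")
	}
	return pt, nil
}

func main() {
	key, _ := NewDataKey()
	// Constructed sample record; the SSN is a made-up value.
	rec, _ := Seal(key, "patient-1042", []byte("SSN 123-45-6789"))
	pt, err := Open(key, rec)
	fmt.Println(string(pt), err)

	rec.Ciphertext[0] ^= 0x01 // simulate a bit flipped on disk
	_, err = Open(key, rec)
	fmt.Println(err)
}
```

In a real deployment the key would come from a key management service or hardware security module rather than being generated in the same process, and the nonce must never be reused with the same key; generating it randomly per record, as above, is the simplest way to guarantee that.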

Data in Use

We just spoke to the importance of strong data security measures, such as data encryption, when sensitive information is at rest. But data in use is especially vulnerable to theft, and therefore requires additional security protocols. This is because, by the “in use” definition, the data must be accessible to those who need it. The greater the number of people and devices that have access to the data, the greater the risk that it will end up in the wrong hands.

There are two major keys to securing data while in use. The first is to control access as tightly as possible. Not everyone in your enterprise will need access to every piece of data, and there should be data permissions and protocols in place. The second key is to incorporate some type of authentication that ensures users are who they say they are and aren’t hiding behind stolen identities. Requiring a second factor beyond the password, known as multi-factor authentication (MFA), can be as small a step as a verification code sent to an email address or a phone. This small step can be a giant leap toward improved data security.

Organizations also need to be able to easily track and report relevant information so they can detect suspicious activity, diagnose potential threats, and proactively improve security. For example, an account being disabled due to a certain number of failed login attempts could be a warning sign that a system is under attack.
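To make the MFA step and the failed-login warning sign from the two paragraphs above concrete, here is an added Go example written for this article (not DataMotion code). It implements the time-based one-time password check of RFC 6238, accepting one 30-second step of clock skew either side and comparing codes in constant time, and wraps it in a hypothetical `Account` type that counts consecutive failures, disables the account after a threshold, and emits an alert line for a monitoring pipeline. The `maxFailures` value of 5 is an assumed policy setting, and the secret is the RFC 6238 test key, not a real credential.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const (
	totpStep    = 30 // seconds per code, per RFC 6238
	totpDigits  = 6
	maxFailures = 5 // lockout threshold; an assumed policy value
)

// TOTP computes the RFC 6238 code (HMAC-SHA1 variant) for a Unix timestamp.
func TOTP(secret []byte, unixTime int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unixTime/totpStep))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f // dynamic truncation from RFC 4226
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < totpDigits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", totpDigits, code%mod)
}

// VerifyTOTP accepts the current step and one step either side, to tolerate
// small clock differences, and compares in constant time.
func VerifyTOTP(secret []byte, code string, unixTime int64) bool {
	for skew := int64(-1); skew <= 1; skew++ {
		expected := TOTP(secret, unixTime+skew*totpStep)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			return true
		}
	}
	return false
}

// Account is a hypothetical user record that tracks consecutive MFA failures.
// A lockout is the warning sign the text describes: someone may be guessing codes.
type Account struct {
	User     string
	Secret   []byte
	Failures int
	Locked   bool
}

// Login returns ok=true on a valid code. When the account becomes locked it also
// returns an alert string that a monitoring pipeline would forward.
func (a *Account) Login(code string, now int64) (ok bool, alert string) {
	if a.Locked {
		return false, ""
	}
	if VerifyTOTP(a.Secret, code, now) {
		a.Failures = 0
		return true, ""
	}
	a.Failures++
	if a.Failures >= maxFailures {
		a.Locked = true
		alert = fmt.Sprintf("ALERT user=%s locked after %d failed MFA attempts", a.User, a.Failures)
	}
	return false, alert
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test key, not a real secret
	now := time.Now().Unix()
	acct := &Account{User: "alice", Secret: secret}
	ok, _ := acct.Login(TOTP(secret, now), now)
	fmt.Println("valid code accepted:", ok)
	for i := 0; i < maxFailures; i++ {
		if _, alert := acct.Login("000000", now); alert != "" {
			fmt.Println(alert)
		}
	}
}
```

The alert string is the point of the second half: a lockout should reach whoever watches for attacks, not just silently block the user. The skew window is a deliberate trade-off, since a wider window makes codes valid for longer.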

Data in Motion

Data is at its most vulnerable when it is in motion, and securing information in this state requires specialized capabilities and strong security. Our expectation of immediacy dictates that a growing volume of sensitive data be transmitted digitally—forcing many organizations to replace couriers, faxes, and conventional mail service with faster options such as email. Today, more than 333 billion business and consumer emails are sent and received every day.[1]

When you send an email, it typically takes a long and winding journey through the digital infrastructure at enterprises, healthcare organizations, universities, government facilities, and other network locations. Anyone with the right tools can intercept your email as it moves along this path, which is where the need for increased email security and secure email gateways comes in.

There are a number of effective ways to secure data in motion. The best method to ensure that your messages and attachments remain confidential is to transmit them through an easy-to-use data encryption platform that integrates with your existing systems and workflows. Ease of use not only prevents careless mistakes but also discourages risky shortcuts. Users should be able to send and receive encrypted messages directly from their standard email service. More than 29% of organizations place this capability on their email encryption and customer experience ‘wish list’.[2]

Email is considered the largest threat to data security in most organizations and sending data and documents (especially those containing sensitive information) in an unsecured manner is risky business. Email is vulnerable to a number of types of cyberattacks, including phishing, spoofing, and spam. It is easy for hackers to steal sensitive data while it is en route from Point A to Point B. Encrypting data while in motion is an ideal first line of email security, as encryption will render stolen data unreadable to thieves. In addition to strong encryption, your enterprise should include security controls such as employee security training, secure email gateways (which act as a policy-based filter based on the rules set forth by an admin) and multi-factor authentication.
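The paragraph above describes a secure email gateway as a policy-based filter set by an admin. The following Go program is an added example of what such a filter does at its core; it is written for this article, is not DataMotion's gateway code, and uses an assumed policy: an outbound message must be sent encrypted if the sender tags the subject `[SECURE]`, if the body contains an SSN-shaped number, or if it contains a digit run that passes the Luhn checksum (which separates a real card number from, say, an order ID). The `Inspect` function and `Verdict` type are hypothetical, and the sample messages in the usage are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Verdict is what the gateway decides for one outbound message.
type Verdict struct {
	Action  string   // "deliver" as-is, or "encrypt" before delivery
	Reasons []string // which policy rules fired
}

var (
	// SSN-shaped pattern: NNN-NN-NNNN with word boundaries.
	ssnRe = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
	// Candidate card numbers: digits with optional spaces or dashes, 13 to 23 chars.
	cardRe = regexp.MustCompile(`\b\d[\d -]{11,21}\d\b`)
)

// luhnValid reports whether a digit string passes the Luhn checksum.
func luhnValid(digits string) bool {
	if len(digits) < 13 {
		return false
	}
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// containsCardNumber finds digit runs, strips separators, and keeps only those
// of card length (13 to 19 digits) that pass Luhn.
func containsCardNumber(text string) bool {
	for _, m := range cardRe.FindAllString(text, -1) {
		digits := strings.Map(func(r rune) rune {
			if r >= '0' && r <= '9' {
				return r
			}
			return -1 // drop spaces and dashes
		}, m)
		if len(digits) >= 13 && len(digits) <= 19 && luhnValid(digits) {
			return true
		}
	}
	return false
}

// Inspect applies the assumed gateway policy to one outbound message.
func Inspect(subject, body string) Verdict {
	v := Verdict{Action: "deliver"}
	if strings.Contains(strings.ToUpper(subject), "[SECURE]") {
		v.Reasons = append(v.Reasons, "sender requested secure delivery")
	}
	if ssnRe.MatchString(body) {
		v.Reasons = append(v.Reasons, "SSN pattern in body")
	}
	if containsCardNumber(body) {
		v.Reasons = append(v.Reasons, "Luhn-valid card number in body")
	}
	if len(v.Reasons) > 0 {
		v.Action = "encrypt"
	}
	return v
}

func main() {
	// Constructed sample messages; 4111 1111 1111 1111 is a well-known test card number.
	for _, msg := range [][2]string{
		{"Quarterly numbers", "Revenue was up 12% over Q3."},
		{"Re: claim", "Patient SSN is 123-45-6789, please process."},
		{"Payment", "Card 4111 1111 1111 1111 exp 12/26"},
		{"Order", "Your order id is 1234 5678 9012 3456"},
	} {
		fmt.Printf("%-20q -> %+v\n", msg[0], Inspect(msg[0], msg[1]))
	}
}
```

A production gateway would also scan attachments, consult the admin's rule set rather than hard-coded patterns, and log each verdict so the tracking and reporting the text calls for has something to report on.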

The encryption service your organization uses should be used for desktops and all user devices with data access. It is also important that the service offers and supports mobile email applications. It is reported that 59% of Millennials check their email using their mobile device[3], but more than 39% of organizations currently using email encryption say the number of ways users can securely interact with them is limited.[2]

How can you further protect your data in motion?

Download our eBook.

How to Conduct an Effective Risk Assessment

Unless your organization has recently conducted a data security risk assessment, the threat of a data breach is probably much larger and more immediate than you realize. Organizations often underestimate their risk because they believe all their sensitive data is contained within a few secure systems. They feel access to this sensitive data is restricted to only those who need it. This is rarely true.

Think about the situation from a workflow perspective. Do employees access corporate systems from their personal devices, or use company-issued devices to work from home? What happens when employees take their laptops on business trips? How is data transferred between devices or communicated to other stakeholders? Have you thought about what your customers or business partners do with sensitive files you send them?

Inevitably, information is going to end up spread across multiple devices and networks with varying degrees of security and risk. Before you can take effective action to mitigate your risk, you need to identify where your risks of a data breach lie. You should conduct a thorough security risk assessment, starting with a data and email security review. Such a review will identify vulnerabilities within your organization and where they lie. This assessment should provide answers to core questions, including:

  • What types of sensitive data does your organization store, use, or transmit?
  • Who has access to this data?
  • Where, when, and why are they using it?
  • How is data stored when it is not in use?
  • Is data kept beyond periods stated in your data retention policy?
  • How is access to databases controlled?
  • What mechanisms are used to transport data?
  • What are the pertinent laws, regulations, and standards?
  • How is data shared in collaboration tools?

Once you have a solid grasp of the potential risks, we recommend that you work with data security experts to determine the steps needed to implement a total information security strategy. This strategy will likely include aspects such as a data retention policy, data sharing policy, an incident response plan, and implementing a policy based on the principle of least privilege.

For an effective risk management strategy, data vulnerability assessments should be truly holistic and not look only for threats within your organization. If your vendors have vulnerabilities, then your enterprise does as well. We recommend checking in regularly with your vendors about current and planned security protocols and exploring a vendor consolidation strategy. When checking in with, or vetting, a single vendor as part of a consolidation strategy, be sure to ask the right questions about security protocols.

Don’t wait for the risks to your data and email security to make themselves known; by that time, it will be too late to take any effective action.

Summary

Your enterprise data is incredibly valuable to both your organization and cybercriminals. Data security strategy should be high on your business process priority list. Leaving security to chance puts you at risk of joining the long and growing list of organizations that have learned painful first-hand lessons about data security, including Target, Home Depot, Anthem, the Federal Office of Personnel Management, and the National Security Agency.

DataMotion’s platform protects data at rest, in use, and in motion by offering ironclad security that includes military-grade encryption, a governed database, a zero-trust security approach, and data tracking and monitoring. Visit our website to learn more about how we can help your enterprise’s data and email security efforts or contact our team of security experts today for an introductory call.

1. The Radicati Group. “Email Statistics Report, 2021–2025.”
2. DataMotion. “Compliance Issues Plague Customer Engagement: Customer Engagement Trends in Financial Services and Insurance.”
3. HubSpot. “The Ultimate List of Email Marketing Stats for 2022.”