Secure data at rest and transit

SivaKarthikeyan
2 min read · Jan 10, 2022

The Caesar shift cipher, named after Julius Caesar, is known to have been used to encrypt military and official messages. The scytale is another ancient form of encryption that worked by rearranging the letters; deciphering the message required a rod of the same diameter. So encrypting and securing data is not new; it has been done throughout history. What has changed is the scale: the need is greater than ever in today's highly challenging times for cyber security.

Scytale — Ancient way of securing messages

Data is lucrative for cyber criminals. It is a vehicle to further insight and a commodity whose value depends on context and usage. It is imperative to protect data with appropriate encryption so that it is unreadable to anyone without the key. Unprotected data is always vulnerable to attack, so data has to be protected from unauthorized access.

Data in Transit

  • On the wire — communication medium — network transfer(s)/Wi-Fi
  • Data on a storage medium that is being transported — AWS Snowball, physical transport of storage media

Data at Rest

  • Email, FTP server, file server
  • Available on file storage/network storage/database storage
  • Physical media such as paper documents

Dangers of unauthorized access to data at rest or in transit:

  • It may expose logically structured data and the naming conventions behind it
  • It could expose PII, financial information, etc.
  • Data is replicated and manipulated in virtualized storage environments and frequently “rests” on portable media, which is dangerous if it falls into the wrong hands
  • Backup tapes are transferred to off-site storage facilities and laptops are taken home or on business trips, all of which increases the risk.

How to protect data at Rest?

  1. Make sure the storage devices are encrypted
  2. Make sure the encryption keys are kept securely
  3. Ensure the storage devices have multiple layers of security before access to the device is granted (always apply the principle of least privilege)
  4. Establish frequent audits of access to the storage devices
  5. Ensure the encryption is on par with the latest standards
  6. Establish a well-defined approach/process with audit controls for break-glass admins
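As an added example (not code from the original post), here is one way the first, second and fifth points look in practice for records written to storage: AES-256-GCM, keys held in a keyring separate from the data, and a key identifier stored with each record so that keys can be retired and replaced. The in-memory Keyring type and the record layout are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Keyring maps a key ID to a 32-byte AES-256 key. It stands in for a KMS/HSM (assumption):
// keys must live apart from the storage they protect, never beside the encrypted records.
type Keyring map[string][]byte
func (kr Keyring) aead(keyID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kr[keyID]) // a missing ID yields a nil key, which AES rejects
	if err != nil || len(keyID) > 255 {
		return nil, errors.New("unknown or unusable key id: " + keyID)
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record as len(keyID) | keyID | nonce | ciphertext+tag; the key ID is in clear but bound as AAD.
func (kr Keyring) Seal(keyID string, plaintext []byte) ([]byte, error) {
	aead, err := kr.aead(keyID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per record, never reused
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	hdr := append(append([]byte{byte(len(keyID))}, keyID...), nonce...)
	return aead.Seal(hdr, nonce, plaintext, []byte(keyID)), nil
}

// Open authenticates and decrypts a record, returning the plaintext and the key ID that sealed it.
func (kr Keyring) Open(blob []byte) ([]byte, string, error) {
	if len(blob) == 0 || len(blob) < 1+int(blob[0]) {
		return nil, "", errors.New("truncated header")
	}
	keyID, rest := string(blob[1:1+int(blob[0])]), blob[1+int(blob[0]):]
	aead, err := kr.aead(keyID)
	if err != nil || len(rest) < aead.NonceSize() {
		return nil, "", errors.New("unusable record under key id: " + keyID)
	}
	pt, err := aead.Open(nil, rest[:aead.NonceSize()], rest[aead.NonceSize():], []byte(keyID))
	if err != nil {
		return nil, "", errors.New("authentication failed: tampered record or wrong key")
	}
	return pt, keyID, nil
}
```

Re-keying a record is Open under the old ID followed by Seal under the new one; once every record carries the new ID, the old key can be deleted from the keyring.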

How to protect data in Transit?

  1. Ensure the communication between two endpoints is secured using security certificates
  2. Enforce encryption of data in transit even though it adds overhead to the payload
  3. Ensure appropriate rotation of security certificates
  4. Secure and manage the certificate keys
  5. Use a secure VPN for point-to-point or network-to-network connectivity

So whether it is at rest, in transit or in use, let's make sure the data is secure and not available to anybody with wrong intent.

SivaKarthikeyan

IT Professional/Blogger. My career and life were built by the beautiful people around me; I'm thankful to them forever. The views expressed by me are my own.