ENCRYPTING DATA AT REST & DATA IN MOTION
Not all data is created equal. When thinking about protecting your data it can be easy to assume that all data is the same and that it requires the same sort of encryption. In reality, though, the data you interact with can be separated into two general categories: data in motion and data at rest. These two categories encompass the wide variety of data interacted with and collected. Understanding the difference between these two sorts of data can help a company determine what sort of security is required to protect it and what sort of processing systems would be ideal to gain the benefits of data without allowing for vulnerabilities.
Data in motion refers to data moving across the internet or a private network, and to data that offers an opportunity for real-time analytics. This includes data that is collected on a continuous basis (e.g. GPS tracking) and data that is being actively shared (e.g. messages in motion over an internet messaging system or a private system). Data at rest refers to data that is not in movement and is batch collected on a hard drive, laptop, or some other archive system (e.g. passwords or collected messages).
It is not uncommon to hear of companies valuing the protection of their communications (data in motion) more highly than their collected and stored data. This is undoubtedly because communications are often deemed more immediately vulnerable. However, the stored data is the more crucial security concern due to its potential for massive fallout. A hacker who wants to access data will be less likely to attempt to access in-motion communications and will favor accessing large data storage sites.
In the end, if both categories of data are not properly encrypted and protected, a company will be at immediate risk from attackers.
ENCRYPTING ALL DATA
Cryptography, the practice of coding and encrypting data, was initially designed in consideration of data in motion. It was invented to protect communications, and this is how data encryption has been used for much of its history. However, as technology has advanced, larger collections of stored data (data at rest) have accumulated, and these are protected by encryption keys.
Because much of the data stored on the internet is stored for use by other computers and systems, the keys used to access it must also be stored on the internet. This has created the potential for a significant vulnerability. Encryption keys are targeted as a way to breach even the most secure and encrypted systems. Encrypted data at rest is only as secure as the keys used to access it.
It has become increasingly valuable, and perhaps one of the foremost challenges of data security today, for companies and individuals to protect the API encryption keys which allow access to the encrypted data. A third-party API encryption management system, like the one Lockr provides, exists to answer this immediate and significant dilemma. Lockr takes responsibility for your API encryption keys, storing them offsite and keeping them safe from attacks.