
Encryption At Rest Isn't Good Enough

Jeff Edwards | July 01 2019 | security, IT insights, Encryption, managed file transfer


There are basically two ways to keep data out of the hands of hackers. One is to protect every endpoint leading to it, making it essentially inaccessible. The other is to encrypt the data, so that even if hackers get to the document they cannot read it. But where should encryption be applied?

For many organizations, encryption is a requirement wherever sensitive data resides on their network. But what happens when that data leaves the network, or moves to another location? Is caution thrown to the wind?

In this article, we’ll demonstrate why encryption at rest isn’t always enough to secure sensitive data.

But first, let’s get some pesky definitions out of the way.

Data at Rest vs. Data in Transit

This is a relatively simple definition, as far as cybersecurity terms go: data at rest is data that is sitting, i.e. resting, in one place. Any data that is not actively moving from one place to another, such as device to device or network to network, is considered data at rest. On the other hand, data in transit, or data in motion, is data that is moving from one location to another, whether from device to device, or across a private network or the internet. Pretty basic, right?

Why Encrypt Data at Rest?

For many companies that already have robust security controls in place, it can seem like a moot point to encrypt data resting on your servers. After all, what’s the point of encrypting all that data and slowing things down when someone needs to retrieve it if a hacker could never get to it in the first place?


This is dangerous thinking, though. Ask any security pro, and they’ll tell you that no network is truly safe. Even if you have a firewall and stringent network access controls in place, it’s unlikely that you can be 100% successful in keeping bad guys off of your network. Even if your company is using a firewall, a DMZ, and a reverse proxy, you're still connected to the outside world. And that’s why it’s essential that any data that can possibly leave your network should be encrypted at rest.

When you encrypt data at rest, you make a hacker's job a lot harder. Any successful hacker would not only have to break into a server, but they would also have to break the encryption or find the key to decrypt the data. This will make their task exponentially longer, or even near impossible.

But data isn’t only vulnerable when it’s at rest; in fact, it can be an even easier target when it’s in transit.

Why Encrypting Data in Transit Matters

Not only is it important to encrypt data as it rests on your home server, but it's equally important to encrypt data as you transfer files from one server to the next—i.e., data in transit.

Any time data is traveling over a network, whether local, across the internet, or from local storage to cloud storage, there is some risk that it could be intercepted by a third party, read, and stolen. So it stands to reason that if you are simply encrypting data at rest, say via the automatic encryption on an Amazon S3 bucket, but are transferring it to that bucket unencrypted, that data is exposed at the most vulnerable stage of its lifecycle.

To combat that risk, it's essential to use end-to-end encryption that covers both data at rest and in transit when moving sensitive data.
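The S3 case above, as an added example that is not part of the original article: a small check that a bucket policy refuses any request made without TLS, run against a weak policy and a corrected one. The bucket name, account ID, role and both policies are constructed sample data; `aws:SecureTransport` is the AWS condition key that is false for plain-HTTP requests.

```python
# Added example: audit an S3 bucket policy for a TLS-only (in-transit) rule.
BUCKET_ARN = "arn:aws:s3:::example-sensitive-bucket"  # hypothetical bucket

def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [value]

def enforces_tls(policy, bucket_arn):
    """True if some statement denies every non-TLS S3 request to the
    bucket itself and to all objects in it."""
    needed = {bucket_arn, bucket_arn + "/*"}
    for stmt in _as_list(policy.get("Statement", [])):
        cond = stmt.get("Condition", {}).get("Bool", {})
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and {"s3:*", "*"} & set(_as_list(stmt.get("Action", [])))
                and str(cond.get("aws:SecureTransport", "")).lower() == "false"
                and needed <= set(_as_list(stmt.get("Resource", [])))):
            return True
    return False

# Weak (constructed): grants upload access but says nothing about transport,
# so a plain-HTTP upload is accepted even if objects are encrypted at rest.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
        "Action": "s3:PutObject",
        "Resource": BUCKET_ARN + "/*",
    }],
}

# Corrected (constructed): same grant plus an explicit deny for non-TLS requests.
TLS_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": WEAK_POLICY["Statement"] + [{
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("tls-only", TLS_ONLY_POLICY)):
        print(name, "enforces TLS:", enforces_tls(pol, BUCKET_ARN))
```

The check is deliberately strict: a deny that covers only the objects, or only some actions, is reported as not enforcing TLS.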

While simple FTP was once enough, modern IT teams need more secure infrastructure that can mix the ease of use of Enterprise File Synchronization and Sharing (EFSS) solutions like Dropbox with the reliability of FTP solutions like WS_FTP, as well as end-to-end encryption. This is where managed file transfer (MFT) can help.

If you're really serious about securing your data, a managed file transfer (MFT) system is one of the best investments you can make to ensure secure communications and file transfers.



Jeff Edwards is a tech writer and analyst with three years of experience covering Information Security and IT. Jeff has written on all things cybersecurity, from APTs to zero-days, and previously worked as a reporter covering Boston City Hall.
