How can encryption be used to protect data throughout its lifecycle (data at rest, data in transit, data in use)?

Encryption can be used to protect data in three states:

  • Encryption at rest encrypts data where it is stored: on disks and volumes, in databases, in object storage and in backups. If a disk, a backup or a database dump is stolen or exfiltrated, the attacker holds only ciphertext, provided the keys were not stored alongside the data (keep them in a KMS or HSM and fetch them at run time). It does not stop an attacker who compromises the running system or the application that legitimately decrypts, because that attacker can use the same keys.
    Example: AES is the standard choice, typically AES-GCM for records and fields (authenticated, so tampering is detected) and AES-XTS for full-disk encryption. DES is broken and Triple DES is deprecated; neither should be used for new systems.
  • Encryption in transit encrypts traffic between two endpoints. It protects against sniffing and against man-in-the-middle attacks: an intercepted stream yields only ciphertext, and an impostor cannot complete the handshake because it cannot present a certificate the client trusts for the name it expects. The protocol sits between the transport layer (TCP) and the application. During the handshake, before any application data flows, the client verifies the server's certificate chain and hostname (and the server may verify a client certificate), then both sides derive session keys; every record is then authenticated and decrypted on receipt, so a tampered record is rejected rather than accepted silently. Disabling certificate verification (curl -k, Go's InsecureSkipVerify and the like) keeps the encryption but removes the MITM protection, and is a common misconfiguration.
    Example: TLS (Transport Layer Security), version 1.2 or 1.3, is the usual choice; HTTPS, SMTP with STARTTLS and mutual TLS between services are all TLS in transit.
  • Encryption in use protects data while it is being processed: in memory, or as the input to analytics or other computation, which is exactly the window in which at-rest and in-transit protection have already been stripped off. Two approaches exist: compute directly on ciphertext (homomorphic encryption, or schemes such as Format Preserving Encryption that keep protected values usable by existing systems), or compute on plaintext inside hardware-isolated memory that the host OS, hypervisor and other tenants cannot read (trusted execution environments, sold as confidential computing).
    Example: Format Preserving Encryption produces ciphertext with the same length and character set as the plaintext (a 16-digit card number encrypts to another 16-digit string), so existing applications can store, index and pass the protected value around without change. Homomorphic encryption and TEEs such as Intel SGX/TDX and AMD SEV-SNP are the other common answers.
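The at-rest case in concrete form, as an added example that is not part of the original page: AES-256-GCM from Go's standard library, with the key kept apart from the stored blob (newKey stands in for a KMS-managed key) and the record identifier bound as associated data. The card number and the "customer:42" identifier are constructed sample inputs. The two checks at the end are the ones the bullet above claims: a stolen blob is useless without the key, and a modified blob is refused rather than decrypted to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Stored blob layout: nonce || ciphertext || GCM tag. The key is never stored
// next to the blob; in production it would come from a KMS or HSM at run time.

// newKey returns a random 256-bit AES key (stand-in for a KMS-managed key).
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealAtRest encrypts plaintext with AES-256-GCM under key. aad (e.g. the row
// or object identifier) is authenticated but not encrypted, so a blob copied
// into a different record fails to open there.
func sealAtRest(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit random nonce, unique per blob
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce slice: nonce||ct||tag.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openAtRest authenticates and decrypts a blob produced by sealAtRest. Any
// change to the blob, the key or the aad makes it return an error instead of
// silently yielding garbage.
func openAtRest(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// stolenBlobIsUseless models exfiltration: the attacker has the blob and its
// aad but a different key. It reports whether decryption is refused.
func stolenBlobIsUseless(blob, aad []byte) bool {
	attackerKey, err := newKey()
	if err != nil {
		return false
	}
	_, err = openAtRest(attackerKey, blob, aad)
	return err != nil
}

// tamperIsDetected flips one bit in the middle of the stored blob and reports
// whether the legitimate key holder notices.
func tamperIsDetected(key, blob, aad []byte) bool {
	forged := append([]byte(nil), blob...)
	forged[len(forged)/2] ^= 0x01
	_, err := openAtRest(key, forged, aad)
	return err != nil
}

func main() {
	key, _ := newKey()
	aad := []byte("customer:42")                                    // constructed record identifier
	blob, _ := sealAtRest(key, []byte("4111 1111 1111 1111"), aad) // constructed sample field
	pt, err := openAtRest(key, blob, aad)
	fmt.Printf("owner decrypts: %q (err=%v)\n", pt, err)
	fmt.Println("stolen blob useless without key:", stolenBlobIsUseless(blob, aad))
	fmt.Println("tampering detected:", tamperIsDetected(key, blob, aad))
	_, err = openAtRest(key, blob, []byte("customer:43"))
	fmt.Println("blob moved to another record rejected:", err != nil)
}
```

The design point is the associated data: without it, an attacker with write access to the database could swap one customer's encrypted card number into another customer's row and the application would decrypt it happily. Binding the record identifier makes that swap fail at Open.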
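The in-transit case, as an added example that is not part of the original page: a real TLS 1.3 handshake over loopback TCP using Go's standard library. newIdentity mints a self-signed certificate (constructed for the demo; a real server would hold a CA-issued one) for the constructed hostname api.example.internal. dial shows the four outcomes the bullet above describes: the trusted server is accepted, an impostor holding its own certificate for the same name is rejected, a certificate for a different name is rejected, and setting InsecureSkipVerify lets the impostor through even though the traffic is still encrypted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// identity is a server certificate plus the trust pool that vouches for it.
type identity struct {
	cert tls.Certificate
	pool *x509.CertPool
}

// newIdentity mints a self-signed ECDSA P-256 certificate for host, valid for
// one hour. Constructed for this example; real servers get certs from a CA.
func newIdentity(host string) (identity, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return identity{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host}, // hostname checks use SANs, not CN
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return identity{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return identity{}, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return identity{cert: tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool: pool}, nil
}

// dial runs a TLS 1.3 handshake over loopback TCP. The server presents
// srv.cert; the client trusts only roots and expects to reach host.
// skipVerify reproduces the InsecureSkipVerify misconfiguration. It returns
// the application data the client received, or the client-side error.
func dial(srv identity, roots *x509.CertPool, host string, skipVerify bool) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		defer raw.Close()
		s := tls.Server(raw, &tls.Config{
			Certificates: []tls.Certificate{srv.cert},
			MinVersion:   tls.VersionTLS13,
		})
		// Application data is only sent once the handshake, and so the
		// client's certificate check, has completed.
		if s.Handshake() == nil {
			s.Write([]byte("secret payload"))
		}
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return "", err
	}
	defer raw.Close()
	c := tls.Client(raw, &tls.Config{
		RootCAs:            roots,
		ServerName:         host, // enables hostname verification against SANs
		MinVersion:         tls.VersionTLS13,
		InsecureSkipVerify: skipVerify, // true disables all certificate checks
	})
	if err := c.Handshake(); err != nil {
		return "", err // unknown issuer or hostname mismatch ends up here
	}
	buf := make([]byte, 64)
	n, err := c.Read(buf)
	if err != nil {
		return "", err
	}
	return string(buf[:n]), nil
}

func main() {
	host := "api.example.internal" // constructed hostname
	legit, _ := newIdentity(host)
	impostor, _ := newIdentity(host) // attacker-minted cert for the same name
	got, err := dial(legit, legit.pool, host, false)
	fmt.Printf("trusted server: %q err=%v\n", got, err)
	_, err = dial(impostor, legit.pool, host, false)
	fmt.Println("impostor rejected:", err)
	_, err = dial(legit, legit.pool, "other.example.internal", false)
	fmt.Println("hostname mismatch rejected:", err)
	got, _ = dial(impostor, legit.pool, host, true)
	fmt.Printf("with InsecureSkipVerify the impostor gets through: %q\n", got)
}
```

The last call is the one to remember when reviewing code: the connection is encrypted, the cipher suite is modern, and yet anyone on the path can terminate it with a certificate they generated a second ago. Encryption in transit without endpoint authentication is not MITM protection.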
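The page's example for encryption in use is Format Preserving Encryption. The following added example (not from the original page) shows the other route to "computation on protected data": an additively homomorphic scheme, here a toy Paillier implementation on Go's math/big. An aggregator holding only the public key and ciphertexts adds encrypted salaries and returns one ciphertext; only the key owner can decrypt, and only the total. The salary figures are constructed. It is a teaching toy: 512-bit primes instead of a 2048-bit modulus, and math/big is not constant-time.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Toy Paillier: additively homomorphic public-key encryption. Anyone with the
// public key can add encrypted values and scale them by a known constant;
// only the private-key holder can decrypt the result.

type pubKey struct {
	n, n2 *big.Int // modulus n = p*q and n^2
}

type privKey struct {
	pub    pubKey
	lambda *big.Int // lcm(p-1, q-1)
	mu     *big.Int // lambda^-1 mod n (valid because the generator is g = n+1)
}

var one = big.NewInt(1)

// keygen generates a key pair from two random primes of bits bits each.
func keygen(bits int) (*privKey, error) {
	p, err := rand.Prime(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	q, err := rand.Prime(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	if p.Cmp(q) == 0 {
		return nil, errors.New("p == q, retry key generation")
	}
	n := new(big.Int).Mul(p, q)
	pm1 := new(big.Int).Sub(p, one)
	qm1 := new(big.Int).Sub(q, one)
	gcd := new(big.Int).GCD(nil, nil, pm1, qm1)
	lambda := new(big.Int).Div(new(big.Int).Mul(pm1, qm1), gcd)
	mu := new(big.Int).ModInverse(lambda, n)
	if mu == nil {
		return nil, errors.New("lambda not invertible mod n")
	}
	return &privKey{pub: pubKey{n: n, n2: new(big.Int).Mul(n, n)}, lambda: lambda, mu: mu}, nil
}

// encrypt computes c = (1+n)^m * r^n mod n^2 with a fresh random r coprime to
// n, so two encryptions of the same m look unrelated.
func (pk pubKey) encrypt(m *big.Int) (*big.Int, error) {
	if m.Sign() < 0 || m.Cmp(pk.n) >= 0 {
		return nil, errors.New("message out of range [0, n)")
	}
	var r *big.Int
	for {
		var err error
		if r, err = rand.Int(rand.Reader, pk.n); err != nil {
			return nil, err
		}
		if r.Sign() > 0 && new(big.Int).GCD(nil, nil, r, pk.n).Cmp(one) == 0 {
			break
		}
	}
	g := new(big.Int).Add(pk.n, one)
	gm := new(big.Int).Exp(g, m, pk.n2)
	rn := new(big.Int).Exp(r, pk.n, pk.n2)
	return gm.Mul(gm, rn).Mod(gm, pk.n2), nil
}

// add multiplies ciphertexts, which adds the underlying plaintexts mod n.
func (pk pubKey) add(c1, c2 *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Mul(c1, c2), pk.n2)
}

// scale raises a ciphertext to k, which multiplies the plaintext by k mod n.
func (pk pubKey) scale(c, k *big.Int) *big.Int {
	return new(big.Int).Exp(c, k, pk.n2)
}

// decrypt recovers m = L(c^lambda mod n^2) * mu mod n, with L(x) = (x-1)/n.
func (sk *privKey) decrypt(c *big.Int) *big.Int {
	x := new(big.Int).Exp(c, sk.lambda, sk.pub.n2)
	l := x.Sub(x, one).Div(x, sk.pub.n)
	return l.Mul(l, sk.mu).Mod(l, sk.pub.n)
}

// sumEncryptedSalaries is the analytics-on-encrypted-data scenario: the
// aggregator works only on ciphertexts and the public key; the key owner
// decrypts just the total, never an individual value.
func sumEncryptedSalaries(sk *privKey, salaries []int64) (*big.Int, error) {
	total, err := sk.pub.encrypt(big.NewInt(0))
	if err != nil {
		return nil, err
	}
	for _, s := range salaries {
		c, err := sk.pub.encrypt(big.NewInt(s))
		if err != nil {
			return nil, err
		}
		total = sk.pub.add(total, c) // ciphertext arithmetic only
	}
	return sk.decrypt(total), nil
}

func main() {
	sk, err := keygen(512)
	if err != nil {
		panic(err)
	}
	total, _ := sumEncryptedSalaries(sk, []int64{52000, 61000, 48500}) // constructed data
	fmt.Println("sum recovered from ciphertext arithmetic:", total)
}
```

Paillier supports addition and multiplication by a public constant but not multiplication of two ciphertexts; fully homomorphic schemes lift that restriction at a much higher cost, and TEEs sidestep the whole problem by decrypting inside hardware-isolated memory instead. Which of the three fits depends on the computation and on whom the data must stay hidden from.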