How encryption can be used to protect data throughout its lifecycle (data-at-rest, data-in-transit, data-in-use)

Encryption can be used to protect data in all three of its states:

  • Encryption-at-rest: Encrypts data stored in servers and/or in databases. In the case of data exfiltration, or if the network/systems are compromised, the data will remain encrypted.
    Example: AES , DES, and Triple DES.
  • Encryption-in-transit: Encrypts traffic between two entities or systems. It protects against MITM or sniffing, where even if the communication is intercepted, it becomes useless. Encryption is done at the transport layer. Upon receiving the message, the endpoint is authenticated, then data is decrypted and verified.
    Example: TLS or Transport Layer Security is often used for encryption in transit
  • Encryption-in-use: Protects the data while it is being used to run analytics or computation.
    Example: Format Preserving Encryption