
atrest

Data at rest, often written as data at-rest, is a term used in information security to describe information that is stored on persistent storage media and is not actively being transmitted or processed. This contrasts with data in transit, which moves across networks, and data in use, which is being processed in memory. Data at rest includes files on hard drives and solid-state drives, tapes, backups, and archived records in databases or content repositories.

Protection of data at rest commonly involves encryption, such as full-disk encryption, file-level encryption, or database encryption, combined with strong key management. The encryption is only as strong as the handling of its keys: a key stored next to the ciphertext, or readable by the same account that can read the disk, adds nothing. Other controls include access controls, strong authentication, least-privilege policies, regular auditing, and physical security of storage devices. Secure deletion and cryptographic erasure are used to render data unrecoverable when media is decommissioned; cryptographic erasure destroys the key under which the data was encrypted instead of overwriting the data itself, which makes it practical for solid-state media and cloud storage, where an overwrite cannot be guaranteed to reach every copy. Organizations often implement data classification to apply appropriate protections based on sensitivity.

Compliance considerations frequently reference data at rest. Standards and regulations such as ISO/IEC 27001, NIST SP 800-53, PCI DSS, HIPAA, and GDPR encourage or require safeguarding stored data, particularly personal or financial information. In cloud environments, data at rest protection is typically provided by the service provider, either with provider-managed keys or with customer-managed encryption keys; in the latter case customers retain control over access policies and key rotation.

Limitations exist: encryption at rest protects stored data but not data in transit or in use, and its security hinges on proper key management and access controls. It defends against lost, stolen, or improperly decommissioned media and against direct access to the storage layer; it does not defend against an attacker who reaches the data through an authorized path, such as a compromised application account for which the storage layer decrypts transparently. Regular assessments and secure lifecycle practices help maintain protection throughout the data's lifetime.
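The envelope-encryption pattern that underlies most of the above, shown as an added Go example that is not part of this page: each stored object gets its own data encryption key (DEK), the DEK is wrapped under a versioned key encryption key (KEK) that never leaves the key service, key rotation re-wraps the small DEK without re-encrypting the bulk ciphertext, and cryptographic erasure is simply the destruction of the KEK version under which an object's DEK is wrapped. The KMS type and its in-memory map (a stand-in for an HSM or cloud key service), the AES-256-GCM wrapping, the function names, the object identifiers and the sample record are all assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KMS is a hypothetical in-memory key service (stand-in for an HSM or cloud KMS) holding KEKs by version.
type KMS struct {
	keks    map[int][]byte
	current int
}

// StoredObject is what lands on disk: bulk ciphertext plus the DEK wrapped under one KEK version.
// The plaintext DEK is never persisted; both blobs carry their random GCM nonce as a prefix.
type StoredObject struct {
	ID         string
	KEKVersion int
	WrappedDEK []byte
	Ciphertext []byte
}

func NewKMS() *KMS { return &KMS{keks: map[int][]byte{1: randomBytes(32)}, current: 1} }

// RotateKEK makes a fresh KEK current; old versions stay so already-wrapped DEKs remain readable.
func (k *KMS) RotateKEK() int { k.current++; k.keks[k.current] = randomBytes(32); return k.current }

// DestroyKEK is cryptographic erasure: objects whose DEK is wrapped under this version become unrecoverable.
func (k *KMS) DestroyKEK(version int) { delete(k.keks, version) }

// must panics on what can only be a bug (keys are 32 bytes, so AES-256-GCM setup cannot fail) or a broken CSPRNG.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randomBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }

// seal encrypts with AES-256-GCM, authenticates aad, and prepends the nonce.
func seal(key, plaintext, aad []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// unseal reverses seal; a wrong key, a tampered blob or a mismatched aad fails.
func unseal(key, blob, aad []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// wrapAAD binds a wrapped DEK to its object and KEK version, so it cannot be moved to another object or version.
func wrapAAD(id string, v int) []byte { return []byte(fmt.Sprintf("%s|kek-v%d", id, v)) }

// EncryptAtRest makes a per-object DEK, seals the data under it, seals the DEK under the current KEK,
// and lets the plaintext DEK go out of scope on return.
func EncryptAtRest(k *KMS, id string, plaintext []byte) *StoredObject {
	dek := randomBytes(32)
	return &StoredObject{ID: id, KEKVersion: k.current,
		WrappedDEK: seal(k.keks[k.current], dek, wrapAAD(id, k.current)),
		Ciphertext: seal(dek, plaintext, []byte(id))}
}

// unwrapDEK recovers the object's DEK; it fails once its KEK version is gone.
func unwrapDEK(k *KMS, obj *StoredObject) ([]byte, error) {
	kek, ok := k.keks[obj.KEKVersion]
	if !ok {
		return nil, fmt.Errorf("KEK v%d destroyed: %s is cryptographically erased", obj.KEKVersion, obj.ID)
	}
	return unseal(kek, obj.WrappedDEK, wrapAAD(obj.ID, obj.KEKVersion))
}

// DecryptAtRest unwraps the DEK and decrypts the stored ciphertext.
func DecryptAtRest(k *KMS, obj *StoredObject) ([]byte, error) {
	dek, err := unwrapDEK(k, obj)
	if err != nil {
		return nil, err
	}
	return unseal(dek, obj.Ciphertext, []byte(obj.ID))
}

// RewrapDEK moves an object to the current KEK after rotation; the bulk ciphertext is untouched.
func RewrapDEK(k *KMS, obj *StoredObject) error {
	dek, err := unwrapDEK(k, obj)
	if err != nil {
		return err
	}
	obj.WrappedDEK, obj.KEKVersion = seal(k.keks[k.current], dek, wrapAAD(obj.ID, k.current)), k.current
	return nil
}

func main() {
	kms := NewKMS()
	obj := EncryptAtRest(kms, "customer/1042", []byte(`{"name":"A. Example"}`)) // constructed sample
	kms.DestroyKEK(1) // cryptographic erasure: the ciphertext stays on disk, the key does not
	fmt.Println(DecryptAtRest(kms, obj))
}
```

Two details are worth carrying into a real deployment: the wrapped DEK is authenticated together with the object ID and KEK version, so a wrapped key cannot be transplanted onto another object or replayed under a retired version; and DestroyKEK erases every object still wrapped under that version, so a rotation must be followed by RewrapDEK on all objects before the old version is destroyed.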