Uncovering the Data Security Triad

Data Must be Protected as it Exists at All Points in the Processing Lifecycle

Data is often an organization’s largest and most valuable asset, making it a prime target for all types of adversaries, both criminal and nation-state. Nearly every week a new data breach is announced, serving as a consistent reminder that data security matters. In the first half of 2018 alone, 944 breaches led to 3.3 billion data records being compromised. But what does true data security look like? Numerous solutions herald the necessity of ‘end-to-end protection’ and their ability to provide it, but when we break through the buzzwords, do we have a clear picture of what it means to secure data?

With attack vectors emerging from every possible angle and attackers becoming increasingly sophisticated, it has become clear that every part of data security matters — from secure data storage, transit, and processing to access control and effective key management. If one aspect is vulnerable, it undermines the effectiveness of the other security measures that have been put in place.

This multi-dimensional risk requires a holistic, data-centric approach to security, one focused on protecting the data itself at all points in its lifecycle rather than concentrating efforts only on its perimeter of surrounding networks, applications, or servers. Organizations must ensure data is secured at all times by: 

1. Securing Data at Rest on the file system, database, or storage technology

2. Securing Data in Transit as it moves through the network

3. Securing Data in Use, while the data is being used or processed

Data Security Triad

Together, these elements form the Data Security Triad, representing the trifecta of protection required to ensure data is secure throughout its entire lifecycle. 

At the core of this protection strategy is encryption. Encryption renders data useless to an attacker who does not hold the key, making it unreadable and therefore removing its value. Thus, encryption undermines the attackers’ purpose – stealing assets of value – and makes the target far less appealing.

Experience tells us that if there is data of value at stake, attackers will find a way to reach it – we can’t just lock the front door; every point of entry needs to be protected. Consequently, limiting encryption to only a portion of the Data Security Triad is a dangerous oversight. It is critical to protect data at rest, in transit, and in use.

• Data at Rest: Inactive data stored in any digital form. Data at Rest may be located on a hard drive or in databases, data lakes, cloud storage, or countless other locations. Although it is often thought of as the safest state of data, we typically see perimeter-based technologies and solutions implemented as a first line of defense, with additional layers added depending on the purpose and sensitivity of the data itself. These extra measures include keeping sensitive data encrypted whether stored on premises or in the cloud. Because storage aggregates data, Data at Rest is an attractive target for attackers interested in exfiltrating large quantities of valuable data.

• Data in Transit: Data is vulnerable while in transit, whether moving through a private network, between local devices, or across a public/untrusted space. It is widely recognized that encrypting Data in Transit is standard practice – it’s typically one of the first areas of focus for a security team as they look to lock down data assets. It’s a must-have – and as long as businesses adhere to proper protocols, transport encryption is an efficient and effective line of defense.

• Data in Use: If the two previously described states of data can be simplistically labeled as the best understood and most thoroughly addressed, Data in Use should be referred to as the most overlooked. As such, it has quickly become the point of least resistance for an attacker. At the most basic level, the challenge in the Data in Use arena is tied to a lack of recognition of the problem itself. The vulnerability has been ignored in part because some in the security world incorrectly assume that protecting Data at Rest and Data in Transit means their work is done. However, the increasing sophistication of attackers, coupled with the foundation-rattling disclosures regarding flaws in the processing mechanisms of ubiquitous computer chips, requires that businesses of all sizes open their eyes to the importance of protecting Data in Use. Data is most valuable when we’re using it to extract insights, which can be accomplished by executing searches or analytics to deliver critical information. Beyond access controls and user authentication, which are important parts of any security plan, there are a variety of commercially available solutions and technical methods being used to combat this vulnerability, including homomorphic encryption, secure multiparty computation, and secure enclave technologies.

We know attackers are evolving and our security practices must evolve as well. Protection schemes must recognize and secure data as it exists at all points in the processing lifecycle, whether at rest, in transit, or in use.   
