Do You Really Need Data-at-Rest Encryption if the Data Stays on Your Local File Servers?

When you want to ensure the highest level of security for the data stored on your organization’s servers, you need to encrypt that data. Employing data-at-rest encryption protects your data from being viewed by unauthorized users – including any cybercriminals who breach your system.

What Does Encryption at Rest Mean?

The phrase encryption at rest, sometimes called data-at-rest encryption, has a specific meaning. It all hinges on whether your data is stored in one place or being transferred.

Data at Rest and Data in Transit

Your company’s data is either at rest or in transit. Data at rest refers to information maintained on the company’s servers but does not communicate with other applications. It has a fixed location and isn’t going anywhere. Data-at-rest can is only available to approved users and is typically secured using various methods, including passwords, firewalls, and anti-malware utilities.

In contrast, data in transit (sometimes called data in motion) is that data moves from one place to another. It can refer to data that is literally in motion – that is, transferring data in real-time via file transfer, email, or other forms of communication. It can also refer to stored data at this moment but is used daily, either by individual users or third-party applications – that is, your most-accessed data.

Think of data at rest, then, as data in longer-term storage and data in transit as data that are frequently moved or accessed.

Which is More Secure?

Data in transit is inherently less secure than data at rest. Data-in-transit can be intercepted at three different points – at the source, at the delivery point, and anywhere in between. However, data at rest is easier to protect because it doesn’t move from one location to another.

How Encryption Works

Encryption is a way of protecting your data. It works by scrambling that data in a way that anyone viewing the file wouldn’t be able to read it. This scrambled or encrypted data is thus totally useless to anyone accessing it without proper permission – including cybercriminals.

To unscramble and view the data, you need the appropriate decryption key, which is essentially a digital file that contains the information necessary to unlock the encrypted data. Without the proper decryption key, an encrypted file is unreadable. When unlocked by the decryption key, the file is returned to its original unscrambled condition.

What Kinds of Data Can You Encrypt?

You can encrypt any type of data at rest. Encryption is commonly applied to the most valuable or sensitive data stored by an organization, such as customer records, credit card data, employee HR records, confidential reports and plans, and the like. You can encrypt document files (such as Microsoft Word and Google Docs documents), spreadsheets, presentations, even image files.

Encryption at Rest vs. In Transit

Encryption at rest is any form of encryption that you apply to data at rest. The digital file is encrypted with a unique digital key, and that key is given only to those authorized to access the data. When someone with the proper permission wants to read the file, the decryption key is applied, and the file is decrypted for that person’s use. Anyone else trying to access the file won’t be able to read it.

Data in transit is more difficult to encrypt. It requires encryption at the source, at the destination, and during transit. Full encryption for data in transit is called end-to-end encryption.

What Happens If Data is Not Encrypted?

The Ponemon Institute’s 2021 Global Encryption Trends Study reports that only 42% of companies encrypt their customer data. What can happen if a cybercriminal attacks a company that does not encrypt its data? Assuming the malicious actor gets through any security protections that may exist, unencrypted data is just waiting to be accessed by a malicious actor. Suppose a hacker has access to information that is not encrypted. In that case, he can read that data, download (steal) that data for future use, encrypt the data and hold it for ransom (that’s how ransomware works), or delete the information completely. If data is encrypted, a hacker can’t read it even if he’s able to break into your system. If the data is not encrypted, however, all bets are off.

However, if anyone can breach your data server, this is the worst-case scenario. If your company uses sufficient cryptography for its local servers, unauthorized users will never access the data, so encryption isn’t needed.

Most data breaches today involve either remote workers or cloud storage services. The instant data leaves your company’s physical possession – and protection – it is at higher risk of attack from cybercriminals. Infosecurity Group eports that 80% of U.S. companies have experienced a cloud-based security breach in the past 18 months. Half of those companies experienced ten or more cloud-related breaches.

What Are the Benefits of Encrypting Data at Rest?

Data at rest encryption is simply another layer of protection from malicious users. It protects against any cybercriminals hacking into your system from being able to read and gain use of your data files. It also keeps your data secure if your system is accessed by any third parties, such as when disks and other equipment are repaired.

Is Encryption at Rest Necessary?

Data at rest encryption can help secure your valuable data, but it isn’t always necessary. If your data stays on your local on-premises file servers and if you adequately protect those servers against unauthorized access, the risk of that data being breached is relatively low. A greater risk occurs when data is transferred to and stored on cloud-based servers, or when remote users have unfettered access to your centrally stored data.

The key is to keep your data on your local server and adequately protect that server. For example, Triofox creates a cloud layer around your on-premises file servers that provides secure data access for authorized remote workers but does not send your data into the cloud. It enables you to keep your data secure on your local servers and reduces the need for data encryption. Triofox’s cloud backup repository provides both data protection and business continuity.

Triofox also minimizes the need for data-in-transit encryption. That’s because the only way to access data stored on Triofox servers is via Triofox clients. Any malicious actor trying to intercept data in transit from a Triofox server will only see a series of junk characters.

Does GDPR Require Encryption at Rest?

Companies in Europe or partners dealing with European customers must adhere to the General Data Protection Regulation (GDPR). GDPR was designed to protect the privacy of European citizens and contains necessary regulations that companies need to comply with. Is encrypted data at rest required by GDPR? The answer is no. GDPR does not explicitly mandate the use of encryption either for data at rest or data in transit. It mentions encryption as one way to mitigate risk and ensure a necessary level of security but doesn’t require companies to employ encryption. If your organization can protect customer data without utilizing encryption, as with the Triofox solution, that’s good enough to meet GDPR requirements.

Data Encryption in the World of COVID

Many companies were forced to shut their offices and send their workers home to work remotely when the COVID-19 crisis hit a year ago. These newly remote employees still need access to company data, but they are no longer connected to the corporate network directly.

Risks of Remote File Access

For the past year, work-from-home employees have had to access sensitive work data remotely, in many cases using their personal devices and home wireless networks that have increased the risk of data breaches, with malicious actors trying to intercept data in transit and hack into workers’ home devices. According to Malwarebytes, this risk is real; a fifth of all enterprises report that they’ve experienced security issues caused by remote workers since the start of the COVID-19 lockdown.

Reducing the Risk

End-to-end encryption on all file transfers and communications will help to minimize the risk posed by at-home staff. Requiring employees to use a VPN can also be effective. Triofox offers a better solution.

Triofox adds cloud-like secure remote access and mobile file sharing for your organization’s existing file servers. Files remain securely stored on your local server but are easily accessible by both local and remote employees, no VPN needed. It provides more secure data access than using cloud storage and doesn’t require you to either data at rest or in transit encryption.

Let Triofox Be Your Secure File Sharing Solution

Triofox is a file server enhancement solution that provides maximum security for local and remote users without the need for encryption. Your data stays safe and secure on-premises on your local file servers, with no need for risky cloud storage. Contact Triofox today to learn more about how Triofox can help you secure your valuable data files – no additional investment in hardware necessary.

Contact us today for a free trial!

Leave a Reply