Data Security

When we consider data security, we have to take into account and know what states it exists (In motion (Transmission), In use (Processing) and in Storage)). Referring to your question, we can apply different data protection mechanisms to safeguard our valuable data. One of the protection techniques, as you raised, is to use data encryption. Using encryption to protect data is more convenient when it is in transmission and in storage states. We can use secure VPN, TLS, IPSec and other tunneling approaches to secure our data in transmission (Motion). These all techniques apply encryption to secure data in motion. When it comes data in storage, we can apply different encryption techniques such as full disk encryption (FDE), BitLocker, and so on methods. But when it comes to data in use, it is not that convenient to apply encryption techniques to our data. Because it is in memory and it should be further processed. But if we encrypt it while in use, the OS will not be able to decrypt it on the fly and we will not be able to process it and use it for the intended purpose. It is possible to use encryptor-decryptor techniques but it will make our system slow and it is more difficult to use encryption while our data is in use state. We can rather use other mechanisms such as ASLR (Address Space Layout Randomization), proper patch management, proper input validation, etc. instead of encryption to protect it from attacks such as Buffer Over Flow and other race conditions. For highly sensitive and critical data, we can apply TCB (Trusted Computing Base), TPM (Trusted Platform Module) and HSM (Hardware Security Module) to mention a few.

Data in Use; since this is the time when we are using the data actively, it can’t be encrypted. However we can take some good practice measure to protect our data in time of use: Such as applying Clean Desk policy, Print Policy, Allowing no ‘Shoulder Surfing’, locking computer screen when leaving you PC unattended.