Certified: The Security+ Prepcast

In this episode, we are going to break down one of the most important foundational concepts in cybersecurity: the states of data. When we talk about protecting information, we need to understand not just what kind of data we are protecting, but also where and how it exists at any given moment. Data can be in one of three states—at rest, in transit, or in use—and each state comes with its own risks and security strategies. If you can clearly understand these states, you will be better prepared to answer questions on the Security Plus exam and more confident in real-world security situations.
Let us begin with data at rest. This is information that is stored on a device and not actively moving through a network or being processed. It might be saved on a hard drive, a cloud storage platform, a mobile device, or a file server. Although data at rest may seem safe because it is not moving, it is still a prime target for attackers. If an adversary gains access to a storage system, they can steal sensitive data, tamper with files, or hold the data for ransom. The longer the data sits unmonitored, the more time a threat actor has to exploit it. One well-known example is when lost or stolen laptops containing unencrypted customer information led to major data breaches for several healthcare and financial companies.
To protect data at rest, organizations rely on a combination of encryption and access controls. Encryption ensures that even if the data is stolen, it cannot be read without the proper decryption key. This might include full-disk encryption for laptops, volume encryption for cloud storage, or database-level encryption for records. Access controls, on the other hand, limit who can view or interact with the data in the first place. These might include multifactor authentication, role-based access policies, and logging systems that track who accesses files and when. The idea is to make stored data unreadable to unauthorized users and traceable for auditing purposes.
Now let us move to data in transit. This is information actively moving between systems, whether across internal networks or over the internet. Examples include emails, file transfers, and web traffic. Data in transit is vulnerable because it can be intercepted as it moves. Attackers may try to eavesdrop, steal credentials, or alter the information during transmission. This type of attack is often referred to as a man-in-the-middle attack, where a malicious actor secretly relays and possibly changes the communication between two parties.
To protect data in transit, encryption is again essential—but this time the focus is on securing the communication channels. Two of the most widely used technologies for this are Transport Layer Security and Internet Protocol Security. Transport Layer Security is used to secure web traffic, emails, and other types of communication. When you see that lock symbol in your web browser, it means the site is using Transport Layer Security. Internet Protocol Security is often used in virtual private networks to encrypt packets of data moving across networks. Both technologies ensure that data cannot be read or tampered with while it is on the move.
Real-world scenarios show just how critical this is. In one widely publicized incident, a company failed to encrypt customer data transmitted from its mobile app to its servers. Attackers intercepted the data using a wireless sniffer and gained access to thousands of user accounts, including login credentials. In another case, employees at a financial firm sent unencrypted spreadsheets with sensitive information through email, exposing private client data when an email was mistakenly forwarded to the wrong recipient. These examples highlight why encryption in transit is not just a best practice—it is a necessity.
Finally, let us talk about data in use. This is data that is currently being processed by a system. Unlike data at rest or in transit, data in use lives temporarily in system memory, central processing units, or application environments. While data is in use, it must be decrypted and exposed in a readable format to be useful. This makes it particularly vulnerable to memory scraping, side-channel attacks, or unauthorized access by compromised processes. In many ways, data in use is the hardest to protect because traditional encryption does not apply while the data is being actively manipulated.
To reduce the risks of data in use, organizations rely on advanced technologies like secure enclaves and runtime encryption. A secure enclave is an isolated portion of memory that allows sensitive computations to happen in a protected environment. Even if the operating system is compromised, the data inside the enclave remains secure. Runtime encryption, sometimes called homomorphic encryption, allows certain operations to be performed on encrypted data without ever decrypting it. Although still an emerging technology, it is gaining attention for its potential to transform how we think about data security. These methods add an extra layer of defense for applications that process highly sensitive data, such as biometric information or financial transactions.
In terms of exam preparation, it is important to be able to identify the state of data based on a scenario. If the data is being stored, it is at rest. If it is being sent between systems, it is in transit. If it is being processed by a device, it is in use. Each state demands different security measures. Make sure you can associate the correct encryption or control method with the appropriate data state. Also, pay attention to technologies like Transport Layer Security, Internet Protocol Security, and secure enclaves—they often show up in test questions.
Here is a tip to help you on the exam: when you encounter a question about protecting data, look at the verbs used. If the scenario mentions saving, storing, or archiving, you are likely dealing with data at rest. If it describes sending, uploading, or downloading, it points to data in transit. And if the context is about processing, analyzing, or computing, then you are looking at data in use. Once you identify the data state, you can quickly recall the most effective protection strategies to select the best answer.