What Does Data At Rest Protection (DARP) Mean?
Data at rest protection refers to security procedures around data that is being stored in a stable medium. This data at rest is contrasted with data in other states, such as data in use. Data at rest protection helps companies or other controlling parties ensure that stored data is not vulnerable to hacking or other unauthorized access.
Techopedia Explains Data At Rest Protection (DARP)
Basic data at rest protection procedures often involve strong data encryption. Password protection and other access protocols can also be used. Some experts suggest either encrypting the entire data set in a storage medium, which might require a lot of resources, or evaluating different kinds of data to see which data sets need to be protected.
Some aspects of data at rest protection are easier than others. It’s generally feasible for an IT administrator to set up an encrypted storage medium. However, issues around detachable media are much harder to solve. Administrators have to think about whether a user could attach a flash drive or other removable USB device and get data in an unencrypted form. Because it’s difficult to completely implement data at rest protection without hampering employees' ability to do their jobs, companies often rely on in-house training and careful job applicant screening, as well as multi-tiered security protocols.
Along with concerns about detachable media and other hard IT security puzzles, experts also disagree about whether encryption is really effective in various kinds of data protection situations. Some point out that encryption was originally developed, and then evolved, as a means of protecting messages in transit, not massive databases. Data security engineers have had to come up with sophisticated processes that encrypt only certain data sets, keep encryption keys separate from encrypted data, and deal with certain kinds of problems related to the need for access, such as where keyboard sniffers or key loggers can intercept unencrypted or decrypted information as it is sent over the Internet.
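The selective encryption and key separation described above, as an added example that is not part of the original article: only the field named as sensitive is encrypted, each record gets its own data key, and that key is stored wrapped by a key-encryption key kept outside the data store. The function names, the `_wrappedDek` field and the sample record are assumptions made for illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// seal: AES-256-GCM; output layout is nonce (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// open: reverses seal; throws if the key is wrong or the data was altered.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('truncated value');
  const decipher = createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// protect: encrypt only the fields listed in `sensitive` (hypothetical helper).
// Each record gets its own data key (DEK), stored wrapped by the key-encryption
// key (KEK). The KEK itself is never written next to the data.
function protect(kek, record, sensitive) {
  const dek = randomBytes(32);
  const stored = { _wrappedDek: seal(kek, dek).toString('base64') };
  for (const [name, value] of Object.entries(record)) {
    stored[name] = sensitive.includes(name)
      ? seal(dek, Buffer.from(value, 'utf8')).toString('base64')
      : value;
  }
  return stored;
}

// reveal: unwrap the DEK with the KEK, then decrypt one sensitive field.
function reveal(kek, stored, field) {
  const dek = open(kek, Buffer.from(stored._wrappedDek, 'base64'));
  return open(dek, Buffer.from(stored[field], 'base64')).toString('utf8');
}

// Constructed sample record. The KEK is generated here only for the demo; in
// practice it would be held in a separate key store (KMS or HSM).
const demoKek = randomBytes(32);
const demoStored = protect(demoKek, { name: 'A. Example', ssn: '000-00-0000' }, ['ssn']);
console.log(demoStored);
console.log(reveal(demoKek, demoStored, 'ssn'));
```

Someone who copies only the stored record gets the wrapped data key but cannot unwrap it without the KEK, and any change to an encrypted field makes decryption fail instead of returning altered data.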