Data In Motion - DIM

    What is data in motion?

    Data in motion, also referred to as data in transit or data in flight, is digital information that is being transported from one location to another, either within a single computer system or between systems. It is one of the three data states; the others are data at rest (information stored on disk or other media) and data in use (information held in a computer's RAM while it is being read, updated, or processed).

    Data in motion travels over many different network types and includes transfers such as:
    • Data moving from an internet-capable device to a web-facing service in a public or private cloud
    • Data moving between virtual machines, within one cloud service or between cloud services
    • Data traversing trusted private networks and untrusted networks such as the internet
    • Data shared between applications and integrations, for example API calls between services.

    Once the data arrives at its final destination and is written to storage, it becomes data at rest.
    The concept of data in motion is essential to a business's data protection program and to meeting regulatory requirements such as PCI DSS or GDPR, which expect sensitive data to be protected while it is transmitted. Data in motion is also crucial to big data analytics, where processing data as it streams in lets an organization analyze and gain insight into trends as they occur.

    State of Data by Professor Messer

    Encrypting data in motion

    Data sent from one device to another can be intercepted, stolen, or leaked if it is not secured in transit. Because data in motion is exposed to eavesdropping and man-in-the-middle attacks, it is encrypted and the communicating endpoints are authenticated, so that an attacker on the path can neither read the traffic nor silently alter it. Data should be encrypted whenever it traverses a network, whether that network is external or internal.

    Data in motion is protected using the following methods and protocols:

    • Asymmetric (public-key) cryptography. This method uses a key pair: a public key that can be shared freely and a private key that only its owner holds. Data encrypted with the public key can only be decrypted with the matching private key, which protects the transmission from unauthorized access. The reverse operation is a digital signature: the sender signs a message with their private key and anyone holding the public key can verify it, which authenticates the sender and detects tampering. In transport protocols these operations happen automatically inside the protocol; the application never handles the keys itself. Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), uses asymmetric cryptography to authenticate the server and agree on session keys, and that is what makes HyperText Transfer Protocol Secure (HTTPS) possible.
    • TLS and SSL. TLS is the best-known transport encryption protocol for data in motion. SSL is its deprecated predecessor; every SSL version, as well as TLS 1.0 and 1.1, has known weaknesses and should be disabled, leaving TLS 1.2 and 1.3. TLS sits between the application and TCP and provides an authenticated, encrypted channel for any application protocol, for example HTTPS for the web and SMTP with STARTTLS between email servers or message transfer agents. The server (and optionally the client) proves its identity with an X.509 certificate. The certificate does not itself encrypt the traffic; it binds the server's public key to its name so the peer can verify who it is talking to before session keys are established.
    • HTTPS. HTTPS is HTTP carried over TLS. Originally deployed to secure web traffic over the internet, it has become the standard for browser-to-web host and host-to-host (API) communication in cloud and non-cloud environments alike, including traffic that never leaves an internal network.
    • Hybrid cryptography. In practice TLS, and the transport encryption that cloud providers offer, combine both kinds of cryptography: asymmetric cryptography (for example, an ephemeral Diffie-Hellman key exchange authenticated by the server's certificate) is used to establish a shared session key, and symmetric encryption such as AES-GCM is used for the content itself, because symmetric ciphers are far faster for bulk data. Customers can add their own layer by encrypting data before it leaves their environment and keeping it encrypted at rest within the cloud.
    • IPsec. Internet Protocol Security (IPsec) operates at the network layer and protects data in motion between two hosts or gateways regardless of the application protocol carried above it; storage protocols such as iSCSI, for example, rely on IPsec for confidentiality in transit. IPsec encrypts and authenticates packets as they travel between two devices so that an attacker on the path cannot read or silently modify them. It is used extensively as the transit encryption protocol for virtual private network (VPN) tunnels. Modern deployments use the Advanced Encryption Standard (AES); Triple Data Encryption Standard (Triple DES) is still found in legacy configurations but is deprecated and should be replaced. Transit encryption platforms can also integrate with existing enterprise resource planning systems so that the data moving in and out of them stays protected.
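    The following is an added example, not code from the original page or from any vendor or protocol body it mentions. It shows, on a loopback connection using only Go's standard library, the mechanics described in the asymmetric cryptography, TLS and SSL, HTTPS and hybrid cryptography bullets above: the server authenticates with an ECDSA certificate (asymmetric), the peers negotiate a session key during the handshake, and the application data is then protected by a symmetric AEAD suite such as AES-GCM. It also runs the check a practitioner would want: the same server is contacted by a client that trusts the right root, by a client whose root store is empty (which is exactly how a man-in-the-middle's forged certificate looks to a correctly configured client), and by a client with InsecureSkipVerify set, the weak setting that would let such an interception succeed. The self-signed certificate, the 127.0.0.1 address, the function names and the "payroll record 42" payload are all constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Exchange: negotiated protocol version, symmetric cipher suite used for the bulk data, echoed reply.
type Exchange struct {
	Version      uint16
	Suite, Reply string
}

// newServerCert builds a constructed self-signed ECDSA certificate for 127.0.0.1 (stand-in for a
// CA-issued one) plus the trust pool a client needs to accept it. The private key never leaves the server.
func newServerCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced; it parses cleanly
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// tlsExchange runs a one-shot echo server on loopback, connects with clientCfg, sends one message and
// reports what was negotiated. A handshake failure (e.g. an untrusted certificate) is returned as the error.
func tlsExchange(serverCfg, clientCfg *tls.Config) (Exchange, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	if err != nil {
		return Exchange{}, err
	}
	defer ln.Close()
	go func() { // server side: accept one client, echo one message
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		buf := make([]byte, 1024)
		if n, err := conn.Read(buf); err == nil { // the first Read completes the server-side handshake
			conn.Write(append([]byte("echo: "), buf[:n]...))
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // Dial completes the client-side handshake
	if err != nil {
		return Exchange{}, err
	}
	defer conn.Close()
	fmt.Fprint(conn, "payroll record 42") // constructed sample payload, now protected by the negotiated symmetric cipher
	buf := make([]byte, 1024)
	n, err := conn.Read(buf)
	if err != nil {
		return Exchange{}, err
	}
	st := conn.ConnectionState()
	return Exchange{Version: st.Version, Suite: tls.CipherSuiteName(st.CipherSuite), Reply: string(buf[:n])}, nil
}

// runScenarios contacts the same server with three client settings: the right trust root; an empty
// root store, which is how a man-in-the-middle's forged certificate looks to a correct client;
// and InsecureSkipVerify, the weak setting that lets such an interception succeed.
func runScenarios() (verified Exchange, untrustedErr error, skipVerify Exchange, err error) {
	cert, pool, err := newServerCert()
	if err != nil {
		return
	}
	server := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	if verified, err = tlsExchange(server, &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}); err != nil {
		return
	}
	_, untrustedErr = tlsExchange(server, &tls.Config{RootCAs: x509.NewCertPool(), MinVersion: tls.VersionTLS12})
	skipVerify, err = tlsExchange(server, &tls.Config{InsecureSkipVerify: true})
	return
}

func main() {
	fmt.Println(runScenarios())
}
```

    Run it with go run. The verified case negotiates TLS 1.3 with an AES-GCM or ChaCha20-Poly1305 suite and gets its echo back; the untrusted-root case stops at the handshake with a certificate verification error, which is the behaviour that defeats a man-in-the-middle; the InsecureSkipVerify case completes the exchange with no error even though the client never checked who it was talking to, which is why that setting must not appear in production code. A real client keeps verification enabled, trusts only the roots it needs, and sets MinVersion to TLS 1.2 or 1.3 as the verified case does.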