Data States

Data states refer to the different conditions in which data exists, encompassing both structured and unstructured information. They are typically divided into three categories: at rest, in use, and in transit.

Data at Rest

Data stored on physical or digital media that is not actively being processed or transmitted.

  • Examples: Databases, File servers, Cloud storage, Backups, Endpoint devices  
  • Security Controls:
    • Encryption: Full disk, file-level, and database encryption to protect confidentiality.  
    • Access Controls: Role-Based Access Control (RBAC) and the principle of least privilege.  
    • Data Loss Prevention (DLP): Identifies and protects sensitive stored data.  
    • Integrity Controls: Hashing and checksums to detect unauthorized modifications. 
    • Availability Controls: Backups, redundancy, and disaster recovery plans.  
    • Cloud Access Security Broker (CASB): Enforces policies for cloud-stored data.  
    • Mobile Device Management (MDM): Secures data on mobile endpoints (e.g., remote wipe, enforced encryption).

Example

echo # prints its arguments to standard output
"Qeeqbox" # the exact string being printed (matches the full command below)
> # redirects the output into a file (creates it, or overwrites it if it exists)
file.txt # destination file

echo "Qeeqbox" > file.txt

ls # list directory contents
-l # use long listing format (permissions, owner, group, size, modification date)
file.txt # the specific file to display info about

ls -l file.txt
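Added example (not from the original page) of the integrity control listed under Data at Rest: a SHA-256 checksum of a stored file is recorded once and re-verified later, so an unauthorized modification is detected. It assumes GNU coreutils sha256sum; the file names and contents are constructed for the demonstration.

```shell
# Added example (not part of the original page): integrity control for data at rest.
# A SHA-256 checksum of a stored file is recorded, then re-verified later so that
# an unauthorized modification is detected. Assumes GNU coreutils sha256sum; the
# file names and contents below are constructed for the demonstration.

# Record the checksum of FILE into MANIFEST ("<hash>  <file>" format used by sha256sum).
# Keep the manifest where whoever can write FILE cannot also rewrite it (read-only
# location, separate host, or a signed manifest); otherwise both can be changed together.
record_checksum() {
    file="$1"
    manifest="$2"
    sha256sum "$file" > "$manifest"
}

# Exit status 0 if every file listed in MANIFEST still matches its recorded hash,
# non-zero if any listed file was modified or removed. --status keeps the output quiet.
verify_checksum() {
    manifest="$1"
    sha256sum --check --status "$manifest"
}

# Demonstration: create the file, record its checksum, verify, then simulate tampering.
printf 'Qeeqbox\n' > file.txt
record_checksum file.txt file.txt.sha256
verify_checksum file.txt.sha256 && echo "file.txt: integrity OK"

printf 'tampered\n' >> file.txt            # unauthorized modification of stored data
verify_checksum file.txt.sha256 || echo "file.txt: MODIFIED (checksum mismatch)"
```

A checksum detects change but does not say who made it; pair it with the access controls and logging listed above to attribute and block the modification.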

Data in Use

Data actively accessed, processed, or modified by users or applications, typically in memory (RAM).

  • Examples: Editing documents, Running applications, Processing transactions  
  • Security Controls:
    • Access Controls & Authentication: Ensures only authorized users or processes can access data.  
    • Privileged Access Management (PAM): Monitors and restricts administrative access.  
    • Rights Management (Digital Rights Management/Information Rights Management): Controls usage (e.g., restricts copy, print, and forwarding).  
    • Endpoint Security: Endpoint Detection and Response (EDR) and antivirus solutions to detect malicious activity during use.  
    • Data Masking/Tokenization: Protects sensitive data during processing.  
    • Session Controls: Implement timeouts, re-authentication, and continuous monitoring.  
    • DLP (Endpoint): Prevents unauthorized actions, such as copying to USB devices.  

Note: Traditional encryption does not fully protect data in use since it must be decrypted in memory. Advanced methods like confidential computing exist but are not yet standard.

Example

nano # open the nano text editor
file.txt # target file to open or create

nano file.txt

ps aux # list all running processes with details
| # pipe sends output of left command to right command
grep nano # keep only lines containing "nano" (the grep process itself also appears, since its own arguments contain "nano")

ps aux | grep nano

Data in Transit

Data that is transmitted between systems, networks, or users.

  • Examples: Emails, Web traffic, File transfers, API communications  
  • Security Controls:
    • Encryption in Transit: Utilize TLS/SSL (HTTPS), secure email encryption, and VPNs.  
    • Secure Protocols: Use SFTP and SSH instead of insecure protocols like FTP and Telnet.  
    • DLP (Network): Monitors and blocks unauthorized data exfiltration.  
    • CASB: Controls data movement to and from cloud services.  
    • Integrity Controls: Use digital signatures to verify authenticity and prevent tampering.  
    • Network Security Monitoring: Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to detect attacks and anomalies.  
    • Rights Management (DRM/IRM): Maintains usage restrictions after sharing.  

Example

curl # Run the curl command-line download tool
https://qeeqbox.com/dummy.txt # URL of the file to download (matches the full command below)
-o file.txt # save the downloaded content locally as "file.txt"

curl https://qeeqbox.com/dummy.txt -o file.txt