Encryption at Rest
Encrypting stored data to protect it from unauthorized access when not in active use.
Definition
Encryption at rest refers to cryptographic protection of data stored on disks and in databases, backups, and other storage media. It ensures that even if physical storage media are stolen or improperly accessed, the data remains unreadable without the decryption keys. Common standards include AES-256 for data and RSA or ECDSA for key management. Cloud providers offer native encryption at rest for object storage, databases, and block storage, often with customer-managed keys for additional control.
Example
“An AWS S3 bucket containing patient medical records is configured with AES-256 server-side encryption, ensuring that even AWS employees cannot read the data without the customer-managed KMS key.”
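In S3, default encryption with AES-256 under S3-managed keys (SSE-S3) and default encryption under a named KMS key (SSE-KMS) are separate settings, so the scenario above can be checked from the bucket's encryption configuration. The following is an added example, not part of the original entry: it classifies a document in the shape returned by S3 GetBucketEncryption, and the function names, bucket names, account ID and key ID are constructed for illustration.

```python
# Added example. Input shape follows the S3 GetBucketEncryption response;
# the bucket names, account ID and key ID below are constructed placeholders.

AWS_MANAGED_ALIAS = "alias/aws/s3"  # AWS managed KMS key that S3 uses by default


def classify_bucket_encryption(config):
    """Return (level, reason) for one GetBucketEncryption response dict."""
    sse = (config or {}).get("ServerSideEncryptionConfiguration", {})
    rules = sse.get("Rules", [])
    if not rules:
        return "none", "no default encryption rule"
    default = rules[0].get("ApplyServerSideEncryptionByDefault", {})
    algo = default.get("SSEAlgorithm")
    key_id = default.get("KMSMasterKeyID", "")
    if algo == "AES256":
        # SSE-S3: AES-256, but the keys are owned and managed by S3.
        return "sse-s3", "AES-256 with S3-managed keys, no KMS key involved"
    if algo in ("aws:kms", "aws:kms:dsse"):
        if not key_id or key_id.endswith(AWS_MANAGED_ALIAS):
            return "sse-kms-aws-managed", "uses the AWS managed aws/s3 key"
        # An explicit key is named; confirm it is customer managed with
        # KMS DescribeKey (KeyManager == "CUSTOMER").
        return "sse-kms-explicit-key", "explicit KMS key: " + key_id
    return "unknown", "unrecognised SSEAlgorithm: %r" % (algo,)


def buckets_without_explicit_kms_key(configs):
    """Names of buckets whose default encryption does not name a KMS key."""
    return sorted(name for name, cfg in configs.items()
                  if classify_bucket_encryption(cfg)[0] != "sse-kms-explicit-key")


def _rule(algo, key_id=None):
    default = {"SSEAlgorithm": algo}
    if key_id:
        default["KMSMasterKeyID"] = key_id
    return {"ServerSideEncryptionConfiguration": {
        "Rules": [{"ApplyServerSideEncryptionByDefault": default}]}}


SAMPLES = {  # constructed sample configurations
    "records-sse-s3": _rule("AES256"),
    "records-kms-default": _rule("aws:kms"),
    "records-kms-cmk": _rule(
        "aws:kms", "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"),
    "records-unset": {},
}
```

Calling `buckets_without_explicit_kms_key(SAMPLES)` lists the buckets that would not satisfy a customer-managed-key requirement.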
Synonyms
- data-at-rest encryption
- storage encryption
- disk encryption
Antonyms / Opposites
- plaintext storage
- unencrypted data
Related Terms
- encryption
- ssl
- tls
- public-key-infrastructure
