Back to Glossary
Data Protection
What is Data At Rest?
Data stored on a device or server that is not actively being transmitted or processed, requiring encryption to protect against unauthorized access.
Data at rest is vulnerable to theft through physical access, breaches, or insider threats.
Where Data Rests
- Hard drives and SSDs
- Database servers
- Cloud storage
- Backup tapes and drives
- USB drives and portable storage
- Mobile devices
Protection
- Full-disk encryption: BitLocker (Windows), FileVault (macOS), LUKS (Linux)
- File-level encryption: VeraCrypt containers, Cryptomator
- Database encryption: Transparent Data Encryption (TDE)
- Cloud encryption: Provider-managed keys or customer-managed keys (better: E2EE)
Related Terms
Encryption at Rest
Encryption applied to data stored on disks, databases, or other storage media. When data is 'at rest' (not actively being transmitted), encryption protects it from unauthorized access if storage devices are stolen or compromised.
End-to-End Encrypted Cloud Storage
Cloud storage where files are encrypted on your device before upload and can only be decrypted by you, not the storage provider.
Have more questions?
Use our guided flow to get the right next privacy step for Data At Rest.
Open Guided Flow