What is data in motion?
Data in motion, also referred to as data in transit or data in flight, is a process in which digital information is transported between locations either within or between computer systems. The term can also be used to describe data within a computer's RAM that is ready to be read, accessed, updated or processed. Data in motion is one of the three different states of data; the others are data at rest and data in use.
Data in motion works with many different network types, including data transfers between these locations:
- data that is moving from an internet-capable device to a web-facing service in the public or private cloud;
- data that is moving between virtual machines within and between cloud services;
- data that is traversing trusted private networks and untrusted networks such as the internet; and
- data that is shared between applications and integrations.
Once the data arrives at its final destination, it becomes data at rest.
The concept of data at motion is important data protection for businesses and for keeping up to date with regulatory guidelines such as PCI DSS or GDPR. Data in motion is also important to those working in big data analytics, as the processing of data can help an organization analyze and gain insight into trends as they occur.
Encrypting data in motion
Data sent from device to device could be intercepted, stolen or leaked if not secured when sent. Because data in motion is vulnerable to man-in-the-middle attacks, for example, it is often encrypted to prevent interception. In fact, data should always be encrypted when traversing any external or internal networks.
Data in motion can be encrypted using the following methods:
- Asymmetric encryption. This method uses one public key and one private key to encrypt and decrypt a message. This is done to protect the message from unauthorized access or use. If the sender encrypts a message using their private key, the message can only be decrypted using that sender's public key, thus authenticating the sender. In addition, the encryption and decryption processes occur automatically. Many protocols rely on asymmetric cryptography, including Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which make HyperText Transfer Protocol Secure (HTTPS) possible.
- TLS and SSL. One of the best known uses of cryptography for data in motion is TLS and SSL. TLS provides a transport layer that acts as an encrypted tunnel between email servers or message transfer agents. SSL certificates, on the other hand, encrypt private communications over the internet using public and private keys.
- HTTPS. Typically, HTTPS is used to provide communication security over the internet, but it has also become a standard encryption approach for browser-to-web host and host-to-host communications in both cloud and non-cloud environments.
- Cryptography. Cloud-based providers may also use multiple encryption methods, coupled with users encrypting their own data at rest within a cloud environment. For example, symmetric cryptography for key exchange and symmetric encryption for content confidentiality are sometimes used. This approach bolsters and enhances standard encryption levels and strengths of encryption.
- IPSec. The Internet Small Computer System Interface transport layer protects data in motion using Internet Protocol Security (IPSec). IPSec can encrypt data as it is transferred between two devices to prevent hackers from seeing the contents of that data. IPSec is used extensively as a transit encryption protocol for virtual private network tunnels, as it uses cryptography algorithms such as Triple Data Encryption Standard (Triple DES)and Advanced Encryption Standard (AES). Encryption platforms can also integrate with existing enterprise resource planning systems to keep data in motion secure.
Learn more about how to secure email attachments with methods such as TLS.