Data and information that must be kept confidential and protected from unauthorized persons must be protected at every stage of their lifecycle. There are basically three stages: at rest, in motion and in use. Data at rest is data that is not being used or processed at the moment and resides on corporate servers, workstations, in repositories or on storage media. Such data is usually stored on a hard drive in digital format and must be protected by encryption, using cryptographic means applied to the whole hard drive or its partitions.
Data in motion is data and information being transferred within an information/communications system or between systems, between trusted partners, between workstations and central repositories, or transmitted to storage media during recording or backup. In this case the data and information can be protected using line (L1), data (L2) or network (L3) encryptors, which allow different transfer speeds.
The last category is data in use. This is sensitive data that is being used or processed, usually located in the operating memory of servers or workstations. Its security can be guaranteed by thorough specification and monitoring of the access rights that particular software applications and/or authorized persons have to such data.