States of Data

1. Data at Rest: Data that is stored in a physical or digital format and not actively being used. This includes files on hard drives, databases, or backup storage.
   - Example: A file stored on a company’s server or cloud storage platform.
   - Security Measures:
     - Encryption: Ensure that the stored data is encrypted using strong algorithms like AES (Advanced Encryption Standard).
     - Access Control: Implement strict access permissions to prevent unauthorized access (e.g., role-based access control).
     - Physical Security: Protect physical storage devices (e.g., servers) with biometric locks, surveillance, etc.
     - Data Loss Prevention (DLP): Prevent sensitive data from being leaked by monitoring for suspicious activities.
2. Data in Transit: Data that is actively moving from one location to another, such as across a network.
   - Example: Sending an email or transferring a file between a user’s computer and a cloud service.
   - Security Measures:
     - Encryption: Use protocols like TLS (Transport Layer Security) or VPNs (Virtual Private Networks) to encrypt data during transmission.
     - Secure Channels: Ensure that communication is done through secure, encrypted protocols like HTTPS, SFTP, or IPsec.
     - Firewall & IDS/IPS: Monitor and filter data packets traveling over the network to detect or prevent malicious activity.
3. Data in Use: Data that is actively being processed by an application or system.
   - Example: A user accessing and modifying a document on their local machine or within a cloud-based app.
   - Security Measures:
     - Secure Workstations: Ensure that devices handling sensitive data have antivirus and malware protection and are regularly patched.
     - Application Security: Implement secure coding practices to avoid vulnerabilities like buffer overflows or code injection.
     - Access Control: Limit who can view or modify data based on job roles or a need-to-know basis.
     - Memory Encryption: Encrypt sensitive data in RAM using technologies like Intel’s SGX (Software Guard Extensions).
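The "use TLS" advice for data in transit has a practical catch: a client can switch TLS on and still be exposed if it skips certificate and hostname verification. Added example, not from the original document, showing a weak client configuration beside a corrected one using Python's standard ssl module; context_problems is a constructed helper, not a library API.

```python
import ssl


def insecure_client_context() -> ssl.SSLContext:
    # Weak setting: TLS is enabled, but the peer certificate is never verified,
    # so anyone on the network path can present their own certificate and read
    # the "encrypted" traffic.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    # Corrected setting: system trust store, certificate required, hostname
    # checked against the certificate, and no protocol older than TLS 1.2.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_problems(ctx: ssl.SSLContext) -> list:
    """Return the reasons a client context fails to protect data in transit."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("peer certificate not required")
    if not ctx.check_hostname:
        problems.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("legacy TLS versions allowed")
    return problems


if __name__ == "__main__":
    print("insecure:", context_problems(insecure_client_context()))
    print("hardened:", context_problems(hardened_client_context()))  # []
```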

Data Lifecycle and Security Measures

1. Create: This is when data is first generated, captured, or entered into a system.
   - Example: Filling out a web form with personal details.
   - Security Measures:
     - Data Validation: Ensure data input is validated to prevent SQL injection or other input-based attacks.
     - Authentication: Confirm the identity of the person creating the data using techniques like multi-factor authentication (MFA).
     - Encryption: Immediately encrypt sensitive data as it is being created.
2. Store: Data is saved in a database, file system, or cloud storage for future use.
   - Example: A company’s financial records being stored in a database.
   - Security Measures:
     - Encryption: Data should be encrypted at rest, including within the database itself.
     - Backup and Recovery: Create encrypted backups to ensure availability in case of data corruption or loss.
     - Audit Trails: Keep a log of who accessed or modified the data to detect suspicious activity.
3. Use: Data is retrieved from storage, processed, and used for decision-making or other purposes.
   - Example: Accessing a customer’s transaction history in a banking system.
   - Security Measures:
     - Access Controls: Only authorized personnel should be able to use or access data.
     - Data Masking: Mask sensitive information (e.g., showing only the last four digits of a credit card number).
     - Session Management: Implement secure session handling techniques like session timeouts and re-authentication after inactivity.
4. Share: Data is distributed to authorized users, systems, or external partners.
   - Example: A healthcare provider sharing patient information with another clinic.
   - Security Measures:
     - Data Anonymization: Remove or obfuscate personally identifiable information (PII) before sharing.
     - Encryption: Encrypt data before sharing via email or file transfer.
     - Access Logs: Track who accessed or shared the data to ensure accountability.
5. Archive: Data is moved to long-term storage for regulatory or historical reasons but is no longer actively used.
   - Example: An archived set of tax records that must be retained for a set period.
   - Security Measures:
     - Encrypted Archives: Ensure archived data is encrypted to prevent unauthorized access.
     - Access Restrictions: Limit who can access archived data, using multi-factor authentication (MFA) for sensitive data.
     - Regular Audits: Periodically review archived data to ensure compliance with data retention policies.
6. Delete: Data is permanently erased from all storage locations when it is no longer needed.
   - Example: Deleting customer data after their account has been closed and the retention period is over.
   - Security Measures:
     - Secure Deletion: Use methods like shredding for physical media or data-wiping algorithms (e.g., DoD 5220.22-M) for digital media.
     - Data Sanitization: Ensure that all copies of data, including backups, are also deleted or sanitized.
     - Certification: Some industries require certification that the data has been securely deleted.
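Data Validation in the Create phase, as an added example that is not part of the original document: a lookup that splices web-form input directly into SQL beside the parameterized form, plus an input check applied before the value reaches storage. The users table, its rows, and the validate_email and lookup_* helpers are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data: a user directory populated from a web form.
SAMPLE_USERS = [("alice@example.com", "Alice"), ("bob@example.com", "Bob")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, full_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn, email):
    # Vulnerable form: the input is spliced into the SQL text, so a quote
    # character in the input changes the structure of the query itself.
    sql = "SELECT email FROM users WHERE email = '%s'" % email
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, email):
    # Hardened form: the value is bound as a parameter, so the database
    # treats it strictly as data and never as SQL syntax.
    sql = "SELECT email FROM users WHERE email = ?"
    return sorted(row[0] for row in conn.execute(sql, (email,)))


# Deliberately simple shape check; production code should use a vetted validator.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_email(value):
    # Validation at the Create phase: reject input that is not shaped like an
    # address before it is stored or queried. Validation complements
    # parameterization; it does not replace it.
    if not isinstance(value, str) or len(value) > 254 or not EMAIL_RE.match(value):
        raise ValueError("invalid email address")
    return value


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"              # classic malformed input
    print("unsafe:", lookup_unsafe(conn, hostile))  # every row comes back
    print("safe:  ", lookup_safe(conn, hostile))    # []
```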

In summary, data security is vital at every state (at rest, in transit, in use) and throughout the data lifecycle (create, store, use, share, archive, delete). Each stage requires tailored security measures to protect against unauthorized access, data breaches, or data loss, ensuring confidentiality, integrity, and availability (the CIA triad).

The CIA Triad is a fundamental concept in information security that stands for Confidentiality, Integrity, and Availability. It helps ensure that data remains protected across all states (at rest, in transit, in use) and during all phases of the data lifecycle (create, store, use, share, archive, delete). Let’s break down how the CIA triad relates to the points discussed:

1. Confidentiality

Confidentiality ensures that sensitive data is accessible only to those authorized to view or use it, preventing unauthorized access or disclosure.

- Data at Rest:
  - Encryption is critical to maintaining confidentiality. For example, encrypting data stored on a company’s server ensures that only authorized users with the correct decryption keys can access it.
  - Access Control mechanisms prevent unauthorized personnel from viewing or modifying stored data.
- Data in Transit:
  - Encrypted channels like TLS and VPNs ensure that confidential data transmitted over networks (e.g., emails or file transfers) is unreadable to eavesdroppers or attackers.
- Data in Use:
  - Access Control limits who can access or process the data. For instance, sensitive customer data is masked to maintain confidentiality, revealing only the necessary parts.
- Lifecycle Phases:
  - During the Create and Share phases, confidentiality is maintained through data encryption and anonymization. For example, encrypting sensitive information when it is created (e.g., personal information on a web form) and anonymizing data when sharing it with third parties protects confidentiality.
  - In the Archive phase, archived data should remain confidential via encrypted storage and access limited to authorized users.
  - In the Delete phase, secure deletion ensures that confidential data is erased entirely, preventing potential recovery by unauthorized parties.

2. Integrity

Integrity ensures that data remains accurate, consistent, and unaltered unless modified by authorized personnel. This prevents data corruption, unauthorized changes, or accidental alterations.

- Data at Rest:
  - Checksums or hashing algorithms (e.g., SHA-256) can be used to verify the integrity of stored data, ensuring it hasn’t been altered without authorization.
- Data in Transit:
  - Integrity checks are vital during data transmission. Protocols like TLS not only encrypt but also verify that the data received matches what was sent, preventing tampering.
- Data in Use:
  - Application-level security mechanisms ensure that data modifications are controlled and validated, preventing accidental changes or malicious edits.
- Lifecycle Phases:
  - During the Use phase, integrity is upheld by using access controls and auditing to ensure only authorized users can modify data. For example, only HR personnel should be able to edit employee salary data.
  - In the Store phase, database-level integrity checks and logging systems track all changes, ensuring data remains consistent.
  - In the Archive phase, archived data is protected with integrity checks to prevent unauthorized changes over time.
  - During the Delete phase, proper data sanitization methods are essential to ensuring that deleted data can’t be recovered or altered maliciously.
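Integrity for data at rest with SHA-256, as an added example that is not from the original document: a digest manifest for a set of stored objects, authenticated with an HMAC so the manifest cannot be silently rewritten along with the files it protects. The sample file names, contents and key are constructed for the demonstration.

```python
import hashlib
import hmac
import json


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_manifest(objects):
    # objects maps a stored object's name to its bytes; the manifest records
    # one SHA-256 digest per object so later changes can be detected.
    return {name: sha256_hex(content) for name, content in sorted(objects.items())}


def sign_manifest(manifest, key):
    # The manifest is itself data at rest. Whoever can rewrite a stored file can
    # usually rewrite a bare hash list too, so the manifest is authenticated with
    # an HMAC under a key held separately from the storage.
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify(objects, manifest, tag, key):
    """Return the names of objects failing the integrity check (empty = all good)."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return ["<manifest>"]  # manifest altered: nothing in it can be trusted
    problems = []
    for name, expected in manifest.items():
        actual = objects.get(name)
        if actual is None or not hmac.compare_digest(sha256_hex(actual), expected):
            problems.append(name)  # missing or modified since the manifest was built
    # Objects present in storage but absent from the manifest were never approved.
    problems.extend(sorted(set(objects) - set(manifest)))
    return problems


if __name__ == "__main__":
    # Constructed sample: two stored files and a demo key (never hard-code a real key).
    stored = {"payroll.csv": b"alice,5000\nbob,5200\n", "policy.txt": b"v1"}
    key = b"constructed-demo-key"
    manifest = build_manifest(stored)
    tag = sign_manifest(manifest, key)
    print(verify(stored, manifest, tag, key))            # []
    stored["payroll.csv"] = b"alice,9000\nbob,5200\n"    # unauthorized edit
    print(verify(stored, manifest, tag, key))            # ['payroll.csv']
```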

3. Availability

Availability ensures that authorized users have access to the data when needed. This is critical for business operations, as data should be available without interruptions or excessive delays.

- Data at Rest:
  - Backup and Recovery Systems ensure data availability even if storage systems fail. For example, if a server fails, data stored on backups remains available.
- Data in Transit:
  - Redundant network paths and robust infrastructure support availability by ensuring data can be transmitted smoothly even if part of the network goes down.
- Data in Use:
  - Systems processing data must be properly maintained to ensure availability. This includes regular patching and maintenance of servers, applications, and hardware.
- Lifecycle Phases:
  - During the Store phase, data should be backed up and replicated to maintain availability in the event of hardware or software failure.
  - In the Use phase, high availability solutions (e.g., cloud-based failover systems, load balancing) ensure continuous data access.
  - Availability in the Share phase involves ensuring that shared data can be accessed by authorized external parties without delays. This may include robust infrastructure and disaster recovery plans.
  - Even during Archive, data should remain available when required for legal or regulatory purposes, while being protected from accidental deletion.
  - In the Delete phase, data availability is no longer required, but before deletion, processes ensure that necessary data is not prematurely erased or lost.

CIA Triad Summary in Relation to Data States and Lifecycle:

- Confidentiality: Encryption, access control, and secure channels ensure that sensitive data is not exposed at any point (at rest, in transit, in use) or during creation, storage, sharing, and archiving.
- Integrity: Hashing, checksums, access control, and auditing ensure that data remains accurate and consistent, protecting it from unauthorized alterations at every stage of the data lifecycle.
- Availability: Backup, redundancy, and system maintenance ensure data is accessible to authorized users throughout the lifecycle, from creation to deletion.

Balancing the CIA triad is crucial for effective information security, ensuring that data is confidential, trustworthy, and always available when needed.
