Browse Definitions :
Definition

data in motion

Contributor(s): Laura Fitzgibbons

Data in motion, also referred to as data in transit or data in flight, is digital information that is in the process of being transported between locations either within or between computer systems. The term can also be used to describe data within a computer's random access memory (RAM) that is ready to be read, accessed, updated or processed. 

Data in motion includes the following scenarios: data moving from an Internet-capable endpoint device to a web-facing service in the cloud; data moving between virtual machines within and between cloud services and data that is traversing trusted private networks and an untrusted network such and the Internet. Once the data arrives at its final destination, it becomes data at rest.

Because data in motion is vulnerable to man in the middle (MiTM) attacks, it is often encryption to prevent interception. For example, the iSCSI transport layer incorporates IPSec security, which can encrypt data as it is transferred between two devices to prevent a hacker with a sniffer from seeing the contents of that data. IPSec has been used extensively as a transit encryption protocol for virtual private network (VPN) tunnels; it makes use of cryptography algorithms such as Triple DES (3DES) and Advanced Encryption Standard (AES). Encryption platform software can also be integrated with existing enterprise resource planning (ERP) systems to keep data in motion secure.

Encrypting data in motion

Perhaps the best-known use of cryptography for the data in transit scenario is secure sockets layer (SSL) and transport layer security (TLS). TLS provides a transport layer -- encrypted "tunnel" between email servers or message transfer agents (MTAs), whereas SSL certificates encrypt private communications over the Internet using private and public keys. The ongoing management and responsibility of data in transit resides in the correct application of security controls, including the relevant cryptography processes to handle encryption key management.

Cryptographic protocols have been in use for many years in the form of hypertext transfer protocol secure (HTTPS), typically to provide communication security over the Internet, but it has now become the standard encryption approach for browser-to-web host and host-to-host communications in both cloud and non-cloud environments.

Recent increases show a number of cloud-based providers using multiple factors of encryption, coupled with the ability for users to encrypt their own data at rest within the cloud environment. The use of symmetric cryptography for key exchange followed by symmetric encryption for content confidentiality is also increasing. This approach looks to bolster and enhance standard encryption levels and strengths of encryption.

This was last updated in May 2019

Continue Reading About data in motion

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What measures does your organization take to secure data in motion?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • spyware

    Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.

  • application whitelisting

    Application whitelisting is the practice of specifying an index of approved software applications or executable files that are ...

  • botnet

    A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

  • DRAM (dynamic random access memory)

    Dynamic random access memory (DRAM) is a type of semiconductor memory that is typically used for the data or program code needed ...

  • RAID 10 (RAID 1+0)

    RAID 10, also known as RAID 1+0, is a RAID configuration that combines disk mirroring and disk striping to protect data.

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

Close