Browse Definitions :
Definition

data in use

Contributor(s): Laura Fitzgibbons

Data in use is data that is currently being updated, processed, erased, accessed or read by a system. This type of data is not being passively stored, but is instead actively moving through parts of an IT infrastructure. Data in use is one of three states of digital data -- the other two states are data in motion and data at rest.

Data states are used by information security professionals to identify endpoints where data should be encrypted. In addition to encryption, some important ways that data in use is protected include user authentication at all stages, strong identity management and well-maintained permissions for profiles within an organization.

Examples of data in use include data that is stored or processed in RAM, databases or CPUs. Requesting access to transaction history on a banking website or authorizing user login input are applications of data in use.

Security of data in use

Due to data in use being directly accessible by one or more users, data in this state is vulnerable to attacks and exploits. Additionally, security risks become greater as permissions and devices increase. Oftentimes, data in use could contain digital certificates, encryption keys and intellectual property which make it crucial for businesses to monitor. Common practices for protecting data in use include:

  • Tracking and reporting data access to detect suspicious activity and potential threats. For example, monitoring login attempts to platforms with sensitive information.
  • Strict access control and endpoint security management with authentication measures in place.
  • Full disk or memory encryption.
  • Well documented data loss prevention (DLP) and disaster recovery plans (DRP).
  • Non-disclosure agreements (NDA) for employees and stakeholders.
This was last updated in February 2019

Continue Reading About data in use

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How does your organization protect its data in use?
Cancel

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close