What is Data at Rest Encryption
Data at rest encryption is a term used for the application of encryption technology to data that sits within databases, file systems and other storage devices. It specifically does not deal with data in transit.
How to use Data at Rest Encryption
Transparent Data Encryption (TDE) is one of the most common methods of data at rest encryption. It is used on databases where it encrypts at the structural level of the database. TDE uses a database encryption key to perform the encryption/decryption process. This key is stored in the database boot record. The management and security of multiple keys from multiple databases can prove troublesome. It is also good security practice to separate the key from the data. As such, enterprises often adopt centralised management of TDE, including key management and security.