Where does data sit and where must it be encrypted

database-design, encryption

What does it mean when data-at-rest is not encrypted at the datacenter? Does this mean that the data sitting in the database is not encrypted?

I am just trying to understand if data sits on the server level or database level.

Thank you so much

Best Answer

Not sure what you mean by "if data sits on the server level or the database level".

Data-at-rest is data stored on a disk. Data-at-rest encryption protects against physical theft of the disk. Data-at-rest encryption can be provided by the storage array, a separate hardware device, the server operating system, or the database depending on the infrastructure technology stack. Data that is encrypted "at rest" is decrypted automatically and transparently when it is accessed by the database; it will not protect your data from a hack of the database or your application.

If your data is not encrypted at rest, then it is not encrypted by default by the infrastructure technology stack when it is written to the disk. That doesn't mean that your data might not be encrypted at the application level (i.e. that the database only stores data that is already encrypted by the app server and doesn't need further protection), or that it isn't encrypted "in motion" as it crosses the network.
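The distinction drawn in the answer above can be checked directly. The following is an added example, not part of the original answer: it compares what a stolen disk exposes with what a database query exposes, for a row protected only by at-rest encryption and a row encrypted by the application. The table, the function names and the SHA-256 keystream cipher (a standard-library stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib, os, sqlite3, tempfile

SECRET = b"constructed-sample-secret-0001"  # constructed sample value

def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream) so the demo needs only the stdlib.
    Assumption for illustration; real systems use e.g. AES-GCM or AES-XTS."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def run_demo() -> dict:
    disk_key, app_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        db = sqlite3.connect(path)
        db.execute("CREATE TABLE records (mode TEXT PRIMARY KEY, value BLOB)")
        # Row 1: the application stores plaintext and relies on at-rest encryption.
        db.execute("INSERT INTO records VALUES ('at_rest_only', ?)", (SECRET,))
        # Row 2: the application encrypts before the value reaches the database.
        db.execute("INSERT INTO records VALUES ('app_level', ?)",
                   (xor_cipher(app_key, nonce, SECRET),))
        db.commit()
        # View of anyone with query access (compromised app or database login).
        via_query = dict(db.execute("SELECT mode, value FROM records"))
        db.close()
        with open(path, "rb") as fh:
            db_file = fh.read()  # bytes the database hands to the storage layer
    # Storage layer encrypts on write; this is what a stolen disk would hold.
    encrypted_disk = xor_cipher(disk_key, nonce, db_file)
    return {
        "plain_disk_leaks": SECRET in db_file,
        "encrypted_disk_leaks": SECRET in encrypted_disk,
        "query_leaks_at_rest_only_row": via_query["at_rest_only"] == SECRET,
        "query_leaks_app_level_row": via_query["app_level"] == SECRET,
        "app_key_recovers_value":
            xor_cipher(app_key, nonce, via_query["app_level"]) == SECRET,
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The at-rest layer only changes what the disk holds; the query path returns the first row in plaintext either way, while the second row stays ciphertext to anyone without the application's key.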