Table of Contents
    Home / Definitions / Data in Use
    Encryption 2 min read

    Data in use is data that’s active, even if it’s being stored at the time (such as an application on a computer that may not be used every second, but the data is still active in storage). Although both may be stored, data in use differs from data at rest in that data in use may be stored for periods of time while working in storage, such as a computer’s memory. Data at rest, on the other hand, is permanently or temporarily stored in a fixed location, often secured by full disk encryption or other methods that keep a storage disk, drive, or vault safe. Because it is regularly accessed or used, data in use is much trickier to secure.

    Data in use is more susceptible to unauthorized access because it’s often accessed by multiple users (such as a work document or important file). While memory on a computer can be encrypted, if that data is active, current-use files are harder to secure. Rather than focusing entirely on encrypting the data, authenticating the users who have access to that data becomes a primary concern. However, there are a few encryption methods for data in use that help stem the tide of unauthorized access and sensitive data breaches.

    Methods of protecting data in use

    Confidential computing is one popular method of protecting data in use. It utilizes a Trusted Execution Environment, often hosted on hardware, that shields the data from users or programs that have access to the hardware but aren’t authorized to see the data. The Trusted Execution Environment (TEE) can be specifically designed with data protection features; its programmable nature allows it to more securely protect data.

    Homomorphic encryption is a relatively new method of encrypting data in use that has not been commonly adopted. However, it’s promising because it keeps data encrypted while that data is being used or processed. Then it doesn’t have to be decrypted and encrypted multiple times as it’s used, which increases the risk of interception during the decryption process. When the data is finally decrypted in a secure environment, it has undergone the appropriate changes without being damaged or misused.