Data at rest refers to data stored on end-user devices, such as computers and phones, or on removable storage media, such as memory cards, external hard drives, and USB drives. According to the National Institute of Standards and Technology (NIST), there are several threats to stored data:
Some threats are unintentional, such as human error, while others are intentional. Intentional threats are posed by people with many different motivations, including causing mischief and disruption, and committing identity theft and other fraud. A common threat against end-user devices is device loss or theft. Someone with physical access to a device has many options for attempting to view or copy the information stored on the device. Another concern is insider attacks, such as an employee attempting to access sensitive information stored on another employee’s device. Malware, another common threat, can give attackers unauthorized access to a device, transfer information from the device to an attacker’s system, and perform other actions that jeopardize the confidentiality of the information on a device.
Encryption, authentication, and backup and disaster recovery systems are the main security measures commonly used to restrict access to stored data and maintain its confidentiality.