March 15, 2019

SecurityWeek: Uncovering the Data Security Triad

In this column for SecurityWeek, Enveil CEO Ellison Anne Williams introduces the Data Security Triad and outlines why data must be protected as it exists at all points in the processing lifecycle.

Data Must be Protected as it Exists at All Points in the Processing Lifecycle

Data is often an organization’s largest and most valuable asset, making it a prime target for all types of adversaries, both criminal and nation-state. Nearly every week a new data breach is announced, serving as a consistent reminder that data security matters. In the first half of 2018 alone, 944 breaches led to 3.3 billion data records being compromised. But what does true data security look like? Numerous solutions herald the necessity of ‘end-to-end protection’ and their ability to provide it, but when we break through the buzzwords, do we have a clear picture of what it means to secure data?

With attack vectors emerging from every possible angle and attackers becoming increasingly sophisticated, it has become clear that every part of data security matters — from secure data storage, transit, and processing to access control and effective key management. If one aspect is vulnerable, it undermines the effectiveness of the other security measures that have been put in place.

This multi-dimensional risk requires a holistic, data-centric approach to security, one focused on protecting the data itself at all points in its lifecycle rather than concentrating efforts only on its perimeter of surrounding networks, applications, or servers. Organizations must ensure data is secured at all times by:

1. Securing Data at Rest on the file system, database, or storage technology

2. Securing Data in Transit as it moves through the network

3. Securing Data in Use, while the data is being used or processed

Data Security Triad

Together, these elements form the Data Security Triad, representing the trifecta of protection required to ensure data is secure throughout its entire lifecycle.

At the core of this protection strategy is encryption. Encryption renders data useless to an attacker, making it unreadable and therefore removing its value. Thus, encryption is able to undermine the attackers’ purpose – stealing assets of value – and makes the target infinitely less appealing.

Experience tells us that if there is data of value at stake, attackers will find a way to locate and reach it – we can’t just lock the front door; every point of entry needs to be protected. Consequently, limiting encryption to only a portion of the Data Security Triad is a dangerous oversight. It is critical to protect data at rest, in transit, and in use.

  • Data at Rest: Data at Rest is inactive data stored in any digital form; it may be located on the hard drive or in databases, data lakes, cloud storage, or countless other locations. Data at Rest is often thought of as the safest state of data, and we typically see perimeter-based technologies and solutions implemented as a first line of defense, with additional layers added depending on the purpose and sensitivity of the data itself. These extra measures include keeping sensitive data encrypted whether stored on premises or in the cloud. Due to the aggregated nature of data storage, Data at Rest is an attractive target for attackers interested in exfiltrating large quantities of valuable data.
  • Data in Transit: Data is vulnerable while in transit, whether moving through a private network, local devices, or a public/untrusted space. It is widely recognized that encrypting Data in Transit is standard practice – it’s typically one of the first areas of focus for a security team as they look to lock down data assets. It’s a must-have – and as long as businesses adhere to proper protocols, transport encryption is an efficient and effective line of defense.
  • Data in Use: If the two previously described states of data can be simplistically labeled as the best understood and most solutioned, Data in Use should be referred to as most overlooked. As such, it has quickly become the point of least resistance for an attacker. At the most basic level, the challenge in the Data in Use arena is tied to a lack of recognition of the problem itself. The vulnerability has been ignored in part because some in the security world incorrectly assume that protecting Data at Rest and Data in Transit means their work is done. However, the increasing sophistication of attackers coupled with the foundation-rattling disclosures regarding flaws in the processing mechanisms of ubiquitous computer chips requires that businesses of all sizes open their eyes to the importance of protecting Data in Use. Data is most valuable when we’re using it to extract insights, which can be accomplished by executing searches or analytics to deliver critical information. Beyond access controls and user authentication, which are important parts of any security plan, there are a variety of commercially available solutions and technical methods being used to combat this vulnerability including homomorphic encryption, secure multiparty compute, and secure enclave technologies.

We know attackers are evolving and our security practices must evolve as well. Protection schemes must recognize and secure data as it exists at all points in the processing lifecycle, whether at rest, in transit, or in use.

Read the full article at SecurityWeek.
