Data Security Principles - Information States

notes

Data at Rest, in Transit, Processing

At Rest - data stored on a device, server, cloud, or a backup medium

For example, stored private photos and comments on Instagram. Instagram could process your data both locally on your phone or on their servers. Instagram could have multiple servers and cloud storage where these photos and comments are stored (anywhere in the world)

We must ensure no other application, the phone/server operating system, except the Instagram application, is able to see (confidentiality), change (integrity), or delete (availability) our photos while they are stored both locally or remotely.

Continued

• Before it reaches Instagram, the data is crossing multiple network nodes across the country and the globe.

• We must ensure none of these nodes are able to see, change, or delete our photos before reaching the Instagram server.