Protecting data

One of the key functions of a security team is to protect a company's data, as it is difficult to put a cost value on lost data. Let us look at three types of data: data at rest, in use, and in transit.

  • Data-at-rest: Data-at-rest is data that is not being used and is stored either on a hard drive or external storage. Let us look at the different devices:
    • Desktops and laptops: We could use, for example, BitLocker, which is known in the Security+ exam as Full Disk Encryption. However, the desktop or laptop would need a TPM chip built into the motherboard. We could also use Data Loss Prevention (DLP) to prevent someone stealing the data with a USB drive.
    • Tablets/phones: Tablets and phones will need Full Device Encryption (FDE) to encrypt the device so that data cannot be stolen.
    • USB or removable drive: For removable devices, we should use Full Disk Encryption so that if the drive is lost or stolen, the data will not be readable.
  • Data-in-transit: When we are using the internet to purchase items, we use HTTPS to encrypt the session before we enter the credit card details. If we are outside of the company, we would use a VPN session to tunnel into the workplace to access data. TLS will be used to encrypt emails as they travel between mail servers.
  • Data-in-use: Data-in-use is data held in memory while a device is working on it, either in Random Access Memory (RAM) or in a faster block of memory called the CPU cache. We can protect this data by using Full Memory Encryption.
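To check that the data-at-rest controls above are actually in place, the added example below (not from the book) parses the text report of `manage-bde -status` and flags volumes that are unencrypted, have protection switched off, or are OS volumes without a TPM key protector. The sample report is constructed for illustration and the function names are hypothetical; only the fields shown in the sample are handled.

```python
import re
# Constructed sample modelled on `manage-bde -status` output (not from a real host).
SAMPLE = """\
Volume C: [OSDisk]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numeric Password

Volume E: [USB-BACKUP]
[Data Volume]
    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

def parse_status(text):  # -> {drive: {"type", "fields", "protectors"}}
    volumes, current, in_protectors = {}, None, False
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"Volume ([A-Z]:)", line)
        if header:
            current = volumes.setdefault(header.group(1), {"type": "", "fields": {}, "protectors": []})
            in_protectors = False
        elif current is None or not line:
            in_protectors = False  # a blank line ends the protector list
        elif line.startswith("["):
            current["type"] = line.strip("[]")  # e.g. "OS Volume"
        elif ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            current["fields"][key] = value
            in_protectors = key == "Key Protectors"
        elif in_protectors:
            current["protectors"].append(line)
    return volumes

def audit(volumes):  # flag missing or incomplete data-at-rest protection
    findings = []
    for drive, vol in sorted(volumes.items()):
        if vol["fields"].get("Conversion Status") != "Fully Encrypted":
            findings.append((drive, "not fully encrypted"))
        if vol["fields"].get("Protection Status") != "Protection On":
            findings.append((drive, "protection is off"))
        if vol["type"] == "OS Volume" and not any(p.startswith("TPM") for p in vol["protectors"]):
            findings.append((drive, "no TPM key protector"))
    return findings

if __name__ == "__main__":
    print(audit(parse_status(SAMPLE)))
```

On the constructed sample, the removable drive E: is reported twice (not encrypted, protection off) while the TPM-protected OS volume passes.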