Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Protecting Zion: InfoSec Encryption Concepts and Tips

This is Part 9 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

In the movie The Matrix, The Key Maker controlled access to many locations and resources with the goal of preventing malicious code from destroying sensitive information. In a rare life-imitates-art situation, organizations today face the same challenge as they work to protect operational processes and corporate information. In this article, we’ll discuss a few encryption concepts as they pertain to security and offer some related tips.


Why Use Encryption

Encryption is a key pillar in cybersecurity best practices. If your data isn't protected, it can be maliciously modified, which leads to loss of integrity and confidentiality.


Encryption at Rest and in Motion

Encryption can take many forms. Let’s focus on the following encryption methods:

  • Data at rest: When sensitive data is stored on a disk, USB drive, or in the cloud, it’s considered at rest.
  • Data in motion: When sensitive data is passed over the network, it’s considered in motion.

If the data isn’t considered sensitive, the need for encryption, whether at rest or in motion is generally lower.


Encryption Protocols and Common Uses for Each

There are different encryption protocols depending on the requirement. Some examples you might recognize include:

Table 1 common encryption protocols and their usesTable 1: Common Encryption Protocols and their Uses


Common Tools for Effective Encryption Usage

There are many challenges when protecting data both at rest and in motion. For example, just finding all the data that needs protecting means knowing whether it’s on a USB drive, a server, a database, a cloud drive, etc. With the evolution of the cloud, new methodologies have risen to make it easier to find and encrypt data both at rest and in motion. Cloud vendors and other 3rd party tools offer a range of data protection services. Some examples of data protection tools include:

Data Protection Solutions

Data Protection Solutions applies a tag to data and then encrypts it. For example, Microsoft’s Purview offers data protection for on-prem and cloud data.


Key Stores

Key Stores securely hold encryption keys, so access is tightly restricted to only the authorized resources. Keystores don’t define what type of encryption is used; they just protect the keys used by the encryption process. All cloud vendors offer keystore services.


SASE: Secure Access Service Edge

As VPNs have done in the past, SASE provides encryption for end users accessing corporate resources. However, SASE can be much more granular in its segmentation of what can be accessed, and it can even ensure encryption is used against public-facing web applications not in the corporate network. You may also see SASE referred to as ZTNA or Zero Trust Network Access.


Database Encryption

Databases contain structured, schematized data that requires specific encryption methods. Some examples include row-level encryption, table-level encryption, and full encryption. All cloud vendors support a variety of database encryption methods, but the support methods may be different for each vendor, so some research is required.


CSPM: Cloud Security Posture Management

Although it doesn’t provide encryption, CSPM helps identify and advise on poor encryption practices such as using deprecated authentication protocols.


Encryption Best Practices

Due to the complexity of where to use encryption, it’s a good idea to refer to compliance standards and/or cloud vendor’s recommendations. Here’s a list of common resources for encryption best practices:



Web Link

General Data Protection Regulation (GDPR)

European Union

Health Insurance Portability and Accountability Act (HIPAA)

United States

Payment Card Industry Data Security Standard (PCI DSS)


Federal Information Processing Standards (FIPS) 140-2

United States

ISO/IEC 27001


California Consumer Privacy Act (CCPA)

United States (California)

Sarbanes-Oxley Act (SOX)

United States

National Institute of Standards and Technology (NIST)

United States

Center for Internet Security (CIS) Benchmarks


Microsoft’s Well Architected Framework



Where NOT to trust encryption

Hackers have found some clever ways around encryption, so it’s important to educate your users on protecting their data in less secure environments. Some examples are:

  • Airports, coffee shops, and other public WiFi locations – hackers will commonly set up wifi hotspots and wait for unassuming users to connect, so they can siphon off their credentials.
  • Token-Based Authentication Methods – Unfortunately, many web-based authorization methods are token based, so if an attacker can get access to your authentication token and the token has not expired, they may have access to your login session. To avoid this issue, use FIDO keys or applications that support more dynamic token key rotation, such as Microsoft’s CAE – Continuous Access Evaluation.



Cloud security solutions are making it easier to encrypt and protect information. Follow the guidance from security vendors and security best practices to develop and grow your organization's data protection policies.




About This Blog Series

Follow the full series here: Building Defenses with Modern Security Solutions.

This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.



For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.



All topics mentioned in this series have been mapped to several compliance controls here.

David Broggy, Trustwave’s Senior Solutions Architect, Implementation Services, was selected last year for Microsoft's Most Valuable Professional (MVP) Award.

Operational Technology Security Maturity Diagnostic


Latest SpiderLabs Blogs

2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies

Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as...

Read More

How to Create the Asset Inventory You Probably Don't Have

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More

Guardians of the Gateway: Identity and Access Management Best Practices

This is Part 10 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More