
Data-at-Rest, in-Transit & in-Use: Understanding and Applying Encryption Holistically

Data encryption protects sensitive information – but many companies only secure storage and transmission. For true data security, however, the third layer is critical: data-in-use, the protection of information during processing.

The Three Layers of Data Encryption – and Why Data-in-Use Makes the Difference


Data encryption is a cornerstone of modern IT security. Yet many solutions only address storage and transmission, leaving a critical gap: the processing layer. This is precisely where modern threats arise, especially in cloud and SaaS contexts.
That’s why we’re covering this topic in our Cybersecurity Academy as part of Cybersecurity Awareness Month – to shed light on the different layers of encryption.
Distinguishing between data-at-rest, data-in-transit, and data-in-use is key to identifying and closing security gaps.

1. Data-at-Rest: Encrypting Stored Data


Definition:
Data-at-rest includes all data stored in a static state – on hard drives, databases, or cloud storage.

Objective:
Prevent unauthorized access in cases of loss, theft, or physical access to the storage medium.

Limitations:
In running systems, stored data is decrypted transparently for authorized processes, so most of it exists in plaintext. Attackers with privileged access (e.g., insiders or compromised admin accounts) can still view it.

2. Data-in-Transit: Encrypting Data in Transmission


Definition:
Data-in-transit refers to data transferred across networks (e.g., the internet, VPN, internal networks).

Objective:
Protect against eavesdropping, man-in-the-middle attacks, or manipulation during transfer.

Technologies:
TLS/SSL (HTTPS), VPN, SFTP

Limitations:
Once data reaches its destination, it is decrypted – and thus once again available in plaintext.

3. Data-in-Use: Encrypting Data During Processing


Definition:
Data-in-use refers to data currently being processed, displayed, or used – for instance in a web app, CRM system, or AI model.

Challenge:
Conventional encryption does not cover this phase. Data must be decrypted to be processed – creating new attack vectors.

Modern Approaches:

  • Selective Encryption:
    Only critical fields (e.g., IBAN, customer names, health data) are encrypted, each one individually. Applications remain fully functional – even with encrypted content.
  • Trusted Execution Environments (TEE):
    Data is processed in specially secured hardware environments inaccessible even to administrators. Particularly relevant for public cloud environments.
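
The selective encryption approach above, sketched in Go as an added example (it is not eperi's code and does not describe how the product works). It assumes AES-256-GCM, a constructed `enc:v1:` marker, hypothetical function names, and a constructed sample record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

const prefix = "enc:v1:" // constructed marker for encrypted field values

// NewAEAD builds AES-GCM from a key that stays with the data owner (32 bytes selects AES-256).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealField encrypts one value with a fresh random nonce. The field name is bound
// as associated data, so a ciphertext copied into another field fails to decrypt.
func SealField(aead cipher.AEAD, field, plain string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := aead.Seal(nonce, nonce, []byte(plain), []byte(field)) // nonce || ciphertext || tag
	return prefix + base64.StdEncoding.EncodeToString(ct), nil
}

// OpenField reverses SealField on the key holder's side and rejects tampered values.
func OpenField(aead cipher.AEAD, field, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(stored, prefix))
	if err != nil || !strings.HasPrefix(stored, prefix) || len(raw) < aead.NonceSize() {
		return "", fmt.Errorf("field %q: not a valid encrypted value", field)
	}
	pt, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(field))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed demo key, generated locally
	rand.Read(key)
	aead, _ := NewAEAD(key)
	iban, _ := SealField(aead, "iban", "DE89370400440532013000") // constructed sample value
	fmt.Println(map[string]string{"case_id": "4711", "status": "open", "iban": iban})
}
```

Because every call uses a fresh nonce, equal plaintexts produce different ciphertexts, so the provider cannot search or sort on a field encrypted this way.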

eperi® sEcure: Protection Up to the Usage Layer


eperi® sEcure addresses all three layers of encryption in a single integrated solution:

  • Data is encrypted before it reaches the cloud
  • Cleartext access by third parties – including SaaS providers – is prevented
  • The solution remains transparent for users and applications

Compatible with: Microsoft 365, Salesforce, ServiceNow, HubSpot, and more
Helps achieve compliance with: GDPR, DORA, PCI-DSS, ISO/IEC 27001, PII

Why Data-in-Use Encryption Is Critical for True Data Security


Many companies rely on transport and storage encryption. But modern attacks focus on the moment of data usage. In cloud environments – where applications are centrally hosted and data is processed collectively – this is the greatest vulnerability.

Only by actively protecting data-in-use can organizations achieve:

  • Security control across the entire data lifecycle
  • Minimization of zero-day risks and insider threats
  • Compliance with regulations that require processing security

FAQ: The Three Layers of Encryption Explained Simply


What is the difference between data-at-rest, in-transit, and in-use?

  • At-rest: storage
  • In-transit: transfer
  • In-use: processing

Each requires distinct protection mechanisms.

Why is data-in-use the most critical area?
Because this is where data must be available in plaintext – unless modern techniques like selective encryption or TEE are applied.

How does eperi® sEcure help?
Through client-side, field-level encryption before data reaches the cloud. Even when using SaaS applications, data remains confidential – without loss of functionality.


Knowledge that protects – your next step toward greater data security

On our download page, you will find free white papers and fact sheets on data protection, data encryption, and compliance – specifically for IT managers and decision-makers.

Get concise knowledge, strategic recommendations, and practical tips to effectively protect your data and securely comply with regulatory requirements such as GDPR, NIS2, and DORA.