Do you encrypt tenant data at rest (on disk/storage) within your environment?

encryption at rest

Encryption at rest ensures that data is encrypted when it is written to a storage medium.  Hard drives or volumes on virtualized storage must be encrypted, and backup tapes also need to be encrypted. It is important to encrypt all removable media, including hard drives and USB sticks.

Why are they asking this?

Encryption of the data at rest ensures that if the drives or tapes were stolen or lost, that the data would not be accessible to whomever is in possession of storage media.

What do they expect?

Organizations dealing with highly sensitive data will require all data stored on non-volatile storage, hard drives, solid state drives, USB drives/sticks, network attached storage, or other such devices needs to be encrypted.  

Most organizations will require devices such as laptops, external hard drives, and USB sticks to be encrypted, as these are the most often lost or stolen devices. 

Additionally, if backup tapes are stored off site, or transported to a different site within the organization, these are also vulnerable to loss or theft and should be encrypted.

What is SecureDawn? How Can We Help?

SecureDawn helps you respond to vendor security questionnaires faster and more consistently. Choose to use our product self-serve or as a managed service supported by domestic security pros that send you completed questionnaires within 2 business days.

Contact Us