Data at rest can be compromised in multiple ways:
- Someone can steal the disks
- Data can be transferred to a different medium
The most popular method of protecting data at rest is disk-level encryption, which encrypts the whole disk. This broad-brush approach is not very efficient, though, because not all of the data on the disk has the same level of sensitivity. Take a customer's data as an example. Some of it, such as the social security number (SSN), should never be visible to anyone except the authorized user. Other information, such as the customer's address, is still private but is not personally identifiable information (PII).
To encrypt at a finer level of granularity, column-level and row-level encryption work best. The reliability of encryption also depends on the algorithm being used. Advanced Encryption Standard (AES) is the default algorithm; it comes in two flavors, 128 bits and 256 bits, depending on the size of the encryption keys.
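Column-level encryption as described above, in an added example that is not from the original text: only the SSN value is encrypted, and the key length (16 or 32 bytes) selects AES-128 or AES-256. The GCM mode, the function names, the sample row ID and value, and the binding of row ID and column name as associated data are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds AES-GCM; key length picks the flavor (16 bytes = AES-128, 32 = AES-256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealColumn returns nonce || ciphertext || tag; row ID and column are bound as associated data.
func sealColumn(key []byte, rowID, column, plaintext string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(plaintext), []byte(rowID+"|"+column)), nil
}

// openColumn reverses sealColumn; it fails on a wrong key, a wrong row, or tampering.
func openColumn(key []byte, rowID, column string, stored []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil || len(stored) < gcm.NonceSize() {
		return "", fmt.Errorf("invalid key or truncated column value")
	}
	n := gcm.NonceSize()
	pt, err := gcm.Open(nil, stored[:n], stored[n:], []byte(rowID+"|"+column))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed demo key: 32 bytes selects AES-256
	rand.Read(key)
	ssn, _ := sealColumn(key, "cust-1001", "ssn", "000-00-0000") // constructed row and value
	got, err := openColumn(key, "cust-1001", "ssn", ssn)
	fmt.Println(len(ssn), got, err)
}
```

The address column would be stored as-is next to the sealed SSN; a sealed value copied into a different row fails authentication instead of decrypting.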