Access controls and data-at-rest encryption go hand in hand
GDPR and other personal data protection regulations are turning personal data into a "radioactive" asset. Losing control over processing such data can happen either via insider exfiltration (the disgruntled employee scenario) or external compromise (such as ransomware attacks). In any case, the fallout can be very costly, as evidenced by a recent case in Croatia.
Meanwhile, the number of ransomware attacks is constantly increasing, and the attackers are becoming ever more innovative: instead of encrypting data, ransomware operators will nowadays exfiltrate personal data from servers and databases, holding organizations to ransom and threatening public release of stolen data.
Whichever way data is lost (internal or external hack), organizations that have lost control over the processing of personal data are exposed to increasing risks, especially in regulated environments or under the ever tightening GDPR regime.
Another obvious thing to note is that exfiltrated data is always accessed through some kind of privileged access (an IT administrator or a malicious user escalating privileges to admin level).
That's why in environments where sensitive data is stored, imposing an additional layer of access controls and encryption becomes important.
How this looks in practice is in the video below, demonstrating Thales' solution for transparent encryption and data protection: CipherTrust Transparent Encryption (CTE). CTE solves the challenges of data-at-rest encryption in all contexts and platforms: from Windows and Linux file systems, through structured data in SQL databases, to public cloud virtual instances on Azure or AWS.