Before we understand data-in-transit, a discussion on data-at-rest might be useful. As the name suggests, data-at-rest is data that is ‘stored’ for the long-term. It is data that can be in a cloud storage area, in a database, or in a physical storage device. Typical operation on data at rest is search and retrieval. Data privacy is enforced by controlling CRUD operations on this data.
However, in all practical software based systems, data is always in transit before it reaches a state of rest. Most of the data that is at rest is never used, but when used, there is a retrieval cost associated with it. Widespread requirement for privacy, adoption of stream processing architectures to avoid batch computation cost, online algorithms that can process data in transit, and use of 3rd party API-driven services has created undefined trust boundaries across which data flows. Because data privacy is dealt with differently within these trust boundaries, the onus of ensuring privacy compliance is now confined to within these boundaries.
Let us take an example to see how