Encryption at rest protects stored data by converting it into an unreadable format using cryptographic algorithms such as AES-256, ensuring that data on hard drives, solid-state drives, databases, backups and other storage media cannot be accessed without the proper decryption keys. This safeguard is essential for protecting data against physical theft of storage devices, unauthorised access to database files and improper disposal of hardware.
Encryption at rest is a key technical control required by ISO 27001 (Annex A.10), the GDPR (Article 32) and numerous other compliance frameworks. Organisations must also implement proper key management practices—including key rotation, secure storage and access controls for encryption keys—since the security of encrypted data is only as strong as the protection of the keys used to encrypt it.
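The key-management requirement above, sketched as envelope encryption with AES-256-GCM in Node.js; this is an added example, not code from the original page. Envelope encryption itself, the in-memory `Map` used as a keyring, the key ids and the sample row are assumptions chosen for illustration.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM under a 32-byte key; output layout is nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce); // throws unless key is 32 bytes
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or any stored byte was modified.
function unseal(key, sealed) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Looks up a key-encryption key (KEK); a retired or unknown id must fail loudly.
function getKek(keyring, kekId) {
  const kek = keyring.get(kekId);
  if (!kek) throw new Error(`KEK ${kekId} is not available`);
  return kek;
}

// Each record gets its own data key (DEK); only the wrapped DEK is stored with the data.
function encryptRecord(keyring, kekId, plaintext) {
  const dek = nodeCrypto.randomBytes(32);
  return { kekId, wrappedDek: seal(getKek(keyring, kekId), dek), ciphertext: seal(dek, plaintext) };
}

function decryptRecord(keyring, record) {
  const dek = unseal(getKek(keyring, record.kekId), record.wrappedDek);
  return unseal(dek, record.ciphertext);
}

// Rotation re-wraps the small DEK under the new KEK; the bulk ciphertext is not touched.
function rotateRecord(keyring, record, newKekId) {
  const dek = unseal(getKek(keyring, record.kekId), record.wrappedDek);
  return { ...record, kekId: newKekId, wrappedDek: seal(getKek(keyring, newKekId), dek) };
}

// Constructed sample: the in-memory Map stands in for a KMS or HSM holding the KEKs.
const keyring = new Map([['kek-1', nodeCrypto.randomBytes(32)], ['kek-2', nodeCrypto.randomBytes(32)]]);
const stored = encryptRecord(keyring, 'kek-1', Buffer.from('constructed sample row'));
const rotated = rotateRecord(keyring, stored, 'kek-2');
keyring.delete('kek-1'); // retire the old KEK once every record is re-wrapped
console.log(decryptRecord(keyring, rotated).toString()); // readable under the new KEK only
```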