Network-based encryption

is only one tool for protecting data, however. To ensure they are doing enough to protect their data while it is in transit or at rest, organizations should look at the challenge holistically.
A good place to begin is by asking technology vendors basic but important questions such as:
● How is data protected when it’s in transit?
● How is it protected when it’s at rest?
● Who has access to the data?
● Where is the data stored?
● What is the policy for deleting data, when and if it must be deleted?
Again, these questions are only a starting point for a broader dialogue about data protection that should evolve to include a discussion of topics such as data resiliency and availability.