When data collects in one place, it is called data at rest. For a hacker, this data at rest — data in databases, file systems, and storage infrastructure — is probably much more attractive than the individual data packets crossing the network. Data at rest in these environments tends to have a logical structure, meaningful file names, or other clues, which betray that this location is where the “money” is — that is, credit cards, intellectual property, personal information, healthcare information, financial information, and so on.
Of course, even data “at rest” actually moves around. For a host of operational reasons, data is replicated and manipulated in virtualized storage environments and frequently “rests” on portable media. Backup tapes are transferred to off-site storage facilities and laptops are taken home or on business trips all of which increases risk. Regardless of whether the information has actually been compromised, organizations can take no chances and must act on a potential breach, which often results in significant cost and, in some cases, mandated public disclosure, corporate embarrassment, and customer dissatisfaction.