Overview#Data At Rest has a file system centric approach towards Encryption, and a data centric approach.
Lets start with the first one.#File system centric approach is not about the data itself, but the storage it is stored in. It is about encrypting disks, partitions and volumes (that span multiple disks or partitions). It is also about an encrypted file in which the actual data is stored in the form of files and folders. And also your temporary files in the hibernation and swap space (pagefile) can be encrypted. These last two are especially important if you want to secure your environment for forensic analyses.
The data-centric approach is the encryption of the data itself. Storing passwords is probably the most common known variant of it. But it is also possible to encrypt entire databases or specific records and/or attributes in a database. The focus here is the data it self, and not the filesystem it is stored on.
There are tons of examples for implementation here to choose from. There is an extensive list of disk encryption software on Wikipedia. When selecting your tool for the job, consider your policy towards Hashing and Encryption. There might be also other corporate policies that state whether you should or should not use open source tools. There is no right or wrong here, other then it is not wise to use software which uses outdated algorithms.
More Information#There might be more information for this subject on one of the following:
- Biometric Data Challenges
- Data Classification
- Data In Process
- Data Loss Prevention
- Data State
- OAuth 2.0 Bearer Token Usage
- Payment Card Industry Data Security Standard
- Security Token
- Web Blog_blogentry_011115_1
- [#1] - Guidelines for building an encryption and hashing policy - part 3 - based on data observed:2015-06-29