Data At-Rest encryption is designed to protect data only when it’s not in use, but servers boast 99.95% up-time and hackers only target running computers.
This month (June 2026) concluded our recent roll-out of a range of security enhancements. It was a major (read costly) undertaking but one we felt was essential to continue our lead as the best transcription service in Australia. The biggest part of this update was our implementation of Data In-Use encryption.
OutScribe has a long history of security credibility. In 2005 we were among the first Australian online transcription providers and we chose to take the more expensive path and exceed security expectations of the time, even though clients weren’t asking the hard questions.
For example, we enforced in-transit encryption when many did not. We never emailed transcripts when it was common practice and we never stored data outside of Australia. Nor have we ever employed non-Australian residents, all of which would have been cheaper alternatives.
Encouragingly, organisations are becoming more cautious around what information service providers hold and how they keep it safe. This year we have responded to countless security questionnaires and to date have only ever been asked if we use Data “At-Rest” encryption. So why then would we choose to implement a more costly and complex “in-use” encryption method that no one is asking for? Because they are nothing alike.
If you think we’re kidding about the disparity of people’s interest regarding at-rest to in-use encryption then compare Google’s global search trends for these terms and you can see the stark difference. Firstly note the correlation between full disk encryption (yellow) and ‘at-rest’ encryption (red). This is because they are essentially one and the same. Now note the constant rarity of searches for data “in-use” encryption (blue). Why? Because in-use is more complex, costly and probably not as well understood.
The difference between at-rest and in-use encryption is huge!
At-rest encryption protects data when the data is not being used (at-rest) – when the machine is turned off or data copies (backups) are moved off the machine. This is a good level of protection if your hard-drive is stolen or a hacker manages to get copies of your backups.
However, it offers zero protection while data is being used (in-use), which is pretty much 100% of time when it comes to company servers. Of course hackers target running servers and if they successfully gain access all that data is unencrypted and can be read and copied. Ouch!
Why is Data At-Rest so popular?
Data At-Rest uses full disk encryption (FDE), or file-system level encryption, which delivers a “transparent encryption” experience. Software programs and their developers can simply ignore encryption since it’s handled elsewhere. Transparent encryption is easier, cheaper and user friendly which is why it’s used broadly in systems like Windows BitLocker, Mac FileVault, and Linux LUKS. They do deliver and they have their place.
However, Data In-Use encryption differs in that the data is encrypted within the operating system and when data needs to be read it decrypts just the needed data to memory momentarily. So data remains constantly encrypted even while “in-use”, but it makes software development more difficult and this equates to increased cost.
What’s the take-away?
Generally hackers will target companies’ public facing servers to find exploitable vulnerabilities and get through multiple layers of defence (if built correctly) and if they successfully get server access it’s most likely they get full readable data even on at-rest encrypted servers.
But if that server uses ‘in-use’ encryption the data remains unreadable and useless to them unless they can obtain the decryption key and our data server doesn’t have this key!
This is why we took the harder path - we use in-use encryption over all files, including audio recordings and transcriptions, as well as our database. Plus we don’t hold data we don’t need and even the data we do hold gets destroyed unless clients subscribe to the repository service.
Register with OutScribe and get the best data protection any Australian transcription service can offer.
