Data at rest is data stored on a device or backup medium in any form: hard drives, backup tapes, offsite cloud backups, or even mobile devices. What makes it data at rest is that it is inactive; it is not being transmitted across a network and not being actively read or processed. It has reached a destination, even if only temporarily, and at that destination additional layers of security can be applied, such as encryption, multi-factor authentication on the systems that hold it, and both logical and physical access controls. Data at rest should almost always be encrypted. Keep in mind what that encryption actually covers: it protects against loss or theft of the medium and against readers who lack the key, not against an attacker who already holds valid credentials on the running system that decrypts the data.
Data in use is data being processed by one or more applications, including data being viewed by users through various endpoints. It is exposed to different kinds of threats depending on where it sits in the system and who is able to use it. The most vulnerable point for data in use is the endpoint, where users access and interact with it and where it is necessarily in cleartext, in memory or on screen.
Protecting data in use is a challenging task since there is such variety in the ways the data can be accessed and manipulated. One set of data can potentially have multiple users working with it from multiple endpoints.
Data in motion is often defined as data being prepared for transmission on or within the server itself, but not yet leaving the server. Sometimes the term also covers data moving between servers over a direct private connection, such as a server writing to a SAN or NAS, rather than over a traditional LAN.
Data in transit is often defined as data moving outside the server: between client and server, server to server, or web application server to database server and vice versa.
Wherever data is moving, effective protection for in-transit data is critical, since data is generally considered least secure while in motion. When the data is confidential, it may be appropriate to encrypt it at rest (at the application layer) before sending it, so that it remains encrypted end to end even where transport encryption is terminated at an intermediate hop such as a load balancer, proxy, or storage tier. Be sure to consider the controls between source and destination (firewall, VPN, TLS, etc.), and be aware of the key scenarios: on-premise to cloud, cloud to cloud, and third-party paths.
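The following is an added example, not code from the original page, of the two points made above: encrypting data at rest, and sealing a confidential record before it enters a transit path so that an intermediary hop only ever handles ciphertext. It uses AES-256-GCM from the Go standard library. The record, the key derivation from a fixed label (standing in for a key fetched from a KMS or HSM), and the storage-path context strings are all constructed for the example and are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sampleRecord is a constructed plaintext record (not data from the page).
const sampleRecord = `{"patient_id":"A-1029","diagnosis":"example"}`

// deriveKey stands in for a key fetched from a KMS or HSM. Deriving it from a
// fixed label is an assumption so the example runs offline; never do this in
// production.
func deriveKey(label string) []byte {
	sum := sha256.Sum256([]byte("demo-key-material:" + label))
	return sum[:]
}

// Seal encrypts plaintext with AES-256-GCM and binds it to aad (e.g. the
// storage path or intended destination). A fresh random 96-bit nonce is
// prepended so Open can recover it. Layout: nonce || ciphertext || tag.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal and fails closed if the nonce, ciphertext, tag or aad
// were altered, which is what makes the blob safe to hand to untrusted hops.
func Open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// hopSeesPlaintext models an intermediary (proxy, SAN controller, cloud
// storage tier) inspecting the bytes it handles for the record.
func hopSeesPlaintext(handled []byte) bool {
	return bytes.Contains(handled, []byte(`"patient_id"`))
}

// RoundTrip seals sampleRecord under context and opens it under the same
// context, returning the recovered plaintext.
func RoundTrip(context string) (string, error) {
	key := deriveKey("tenant-a")
	sealed, err := Seal(key, []byte(sampleRecord), []byte(context))
	if err != nil {
		return "", err
	}
	pt, err := Open(key, sealed, []byte(context))
	return string(pt), err
}

// TamperDetected reports whether flipping one ciphertext bit makes Open fail.
func TamperDetected() bool {
	key := deriveKey("tenant-a")
	sealed, err := Seal(key, []byte(sampleRecord), []byte("ctx"))
	if err != nil {
		return false
	}
	sealed[len(sealed)/2] ^= 0x01
	_, err = Open(key, sealed, []byte("ctx"))
	return err != nil
}

// WrongContextDetected reports whether a blob sealed for one destination is
// rejected when replayed to another (aad mismatch).
func WrongContextDetected() bool {
	key := deriveKey("tenant-a")
	sealed, err := Seal(key, []byte(sampleRecord), []byte("s3://bucket-a/rec.json"))
	if err != nil {
		return false
	}
	_, err = Open(key, sealed, []byte("s3://bucket-b/rec.json"))
	return err != nil
}

// WireHidesPlaintext reports whether the record is visible when sent in the
// clear but not in the sealed blob an intermediary would handle.
func WireHidesPlaintext() bool {
	sealed, err := Seal(deriveKey("tenant-a"), []byte(sampleRecord), nil)
	if err != nil {
		return false
	}
	return hopSeesPlaintext([]byte(sampleRecord)) && !hopSeesPlaintext(sealed)
}

func main() {
	pt, err := RoundTrip("s3://bucket-a/rec.json")
	fmt.Printf("round trip: %q err=%v\n", pt, err)
	fmt.Println("tamper detected:", TamperDetected())
	fmt.Println("wrong context detected:", WrongContextDetected())
	fmt.Println("intermediary sees plaintext:", !WireHidesPlaintext())
}
```

The same Seal/Open pair serves both states: a backup written as a sealed blob is encrypted at rest, and the identical blob handed to a transport is encrypted end to end regardless of where TLS terminates. Binding the storage path or destination into the associated data is the practitioner's extra check: a blob copied or replayed to a different location fails to open, even with the right key.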