A Natural Law for Digital Data

Digital data provides the strength and vitality of the Information Age. Bits have as much, if not more, value than comparable assets in the physical world. Losing control of proprietary or critical information could have legal, financial or business ramifications.

Digital data completely changes the nature of information. It is easy to accumulate huge amounts of valuable data. One USB thumb drive can contain the information that fills dozens, if not hundreds, of filing cabinets. Digital data is easily replicated so it can be “stolen” yet you still retain it—you don’t know you have lost exclusivity.

The Physics of Digital Data

To gain an understanding of the nature of digital data you can look toward the laws of physics. Through observation and experimentation scientists have created numerous laws, inlcuding “For every action there is an equal and opposite reaction,” and “Energy cannot be created nor destroyed but is instead converted into another form.” There are no explicitly articulated data laws but it is easy to see how creation, usage and deletion of data could be intrinsically thought of in this way. Bruce Schneier in “Applied Cryptography” channeled the space-time continuum when he wrote that “a stored message is a way for someone to communicate with himself through time.”

There is one natural law of digital data that should exist: “Data retains intrinsic value but real value exists only when the data is in use.” This is similar to the concepts of potential energy: Latent energy exists in an object at rest and kinetic energy exists as a result of motion.

To better understand the nature of data and how it relates to the intrinsic and actual value of data, one must understand the fundamental constants of the digital data life cycle and data’s states of existence.

Digital Data Life Cycle

The data life cycle is like all other life cycles, in which an entity passes through a sequence of stages beginning with creation and moving toward the end of life. Data management experts have identified at least six stages of the data life cycle:

  • Generation or creation, when the data is created by some manner such as data entry or is acquired from an external source.
  • Maintenance, when data is stored and prepared so it can be accessed by applications.
  • Active use, when the data is used as part of some operation or function.
  • Sharing, when data is sent to an external source or made available for reuse by another entity.
  • Archiving, when data no longer is relevant to a specific function but is stored for historical or future use.
  • Purging, or the removal of data within a repository. Given the nature of data sharing, not all instances of the data are necessarily deleted.

Data States

Digital data exists in three states which are defined below. It is critical to know which role data exists in because each is handled, used and protected differently.

  • Data in Motion: This is when data is nomadic, actively traveling across a network as a package utilizing various network protocols. It can be an email, a file transferred over FTP, a file passed across the network using TCP or streaming video. Digital data in this state generally exists for a short duration before it transitions into another data state.
  • Data in Use: When data is read, modified or processed by an application, it is in use. This data is generally considered to reside in a temporary state within a computer’s random-access memory (RAM), CPU caches or CPU registers. Cloud service providers will refer to data in use when CPU and memory are utilized.
  • Data at Rest: The vast majority of digital data spends most of its life at rest. Data at rest exists in a stable state while being passively stored on a device or data storage medium in any form. It is inactive; it is not being actively read or processed. Data at rest only transitions to an active state when it is specifically called by an application.

Exists as Both a Solid and a Liquid

It is clear when matter exists as a solid, a liquid or a gas; however, this standard view of matter has been put into question by recent new observations. In April 2019 a new state of physical matter that allows certain elements to simultaneously exist as both a solid and a liquid was identified. In digital data states there can be some ambiguity on what state data exists in at any given time. It is generally clear when data is in motion, but sometimes not as clear whether data is in use or at rest.

This primarily occurs because data at rest, unlike the other two data forms, exists in powered-on and powered-off phases. Data at rest exists when a computer is turned off; thus, it is obviously not available.  When a device is turned on, the data is theoretically available. The ability to retrieve data from a local data storage medium or network-attached storage or cloud repository leads some to argue that this availability moves the state from rest to use.


Digital information is easy to create, copy, modify, replicate and disseminate, but difficult to control or destroy. The natural law of digital data says the true value of data is unlocked when it can be used. For the information to remain valuable, it must be available to those who need it and kept away from those who would misappropriate it.  Skilled and motivated hackers can exploit and monetize any stolen data they can acquire. Data protection is paramount, and optimizing data security requires understanding the different states data occupies and how data transitions between states. Knowing and properly defining the data states allows for a better understanding of how to use and how to protect digital data.

Avatar photo

Charles Kolodgy

“Charles J. Kolodgy is a security strategist, visionary, forecaster, historian, educator, and advisor who has been involved in the cyber security field for over 25 years. He is an Analyst with Accelerated Strategies Group and Principal at Security Mindsets. His views and understanding of information and computer security were shaped during his years at the National Security Agency. During that time he held a variety of analyst and managerial positions within both the information assurance and operations directorates. Following NSA is was a a Research Vice President covering security markets for IDC and then a Senior Security Strategist for IBM Security. Over the years he has identified market trends and authored numerous documents to explain market realities and has been a speaker at many security conferences and events, including the RSA Conference, CIO Conference, CEIG, and IANS. He has been widely quoted in the media. He is best known for naming and defining the Unified Threat Management (UTM) market which continues to be one of the strongest cyber security markets with vendor revenue of $3 billion per year. He has been a leading analyst on software security, encryption, and the human element. Charles holds a B.A. in Political Science from the University of Massachusetts at Lowell and an M.A. in National Security Studies from Georgetown University.”

charles-kolodgy has 15 posts and counting.See all posts by charles-kolodgy