What is a common technique for protecting data at rest?

Encryption is a common technique for protecting data at rest because it transforms data into a format that is unreadable to unauthorized users. This process ensures that even if an attacker gains physical access to the storage medium, they would be unable to interpret the data without the appropriate decryption key. Implementing encryption secures sensitive information by making it less vulnerable to theft, misuse, or unauthorized access, thereby maintaining data confidentiality.

Access control lists help manage who can access certain data but do not inherently protect the data itself if access is gained. Network segmentation focuses on dividing networks to improve performance and security, which is critical for protecting data in transit, but does not specifically address data at rest. Two-factor authentication is a security measure that adds an extra layer of verification for users accessing systems, but like access control, it does not protect the data physically stored on devices.