What is encryption at rest?

Encryption at rest refers to the cryptographic encoding of data when it is persevered on physical media. Encryption at rest is supposed to protect data from at rest attacks, including attempts to obtain physical media access where the data is stored. In such an attack, a server's hard drive may have been stolen or misplaced, allowing an attacker to recover data from the hard drive by putting it into a compute device of their own. Encryption at rest is designed to prevent critical data access by unauthorized persons by ensuring that the data remains encrypted when it resides on a disk. An attacker can obtain a hard drive with data in an encrypted format, but without access to the encryption keys, they would not be able to decode the data. Encryption at rest is highly recommended and is a high-priority requirement for many organizations, including cloud service providers, to allow them to comply with state law government regulations and industry standards such as HIPAA and PCI. 

Google, Amazon, and Azure Cloud service providers encrypt customer data stored at rest by default, with no additional action required from you.