Many enterprises are concerned about the cybersecurity threat of a data breach. When a data breach occurs, an unauthorized person gains access to your network and steals enterprise data. Firewalls and anti-malware services can help protect against this threat. Another protection that you can implement is data encryption. In the About data encryption section of this guide, you can learn more about how data encryption works and the types available.
When you’re discussing encryption, generally speaking, there are two types of data. Data in transit is data that is actively moving through your network, such as between network resources. Data at rest is data that is stationary and dormant, such as data that is in storage. This strategy focuses on data at rest. For more information about encrypting data in transit, see Protecting data in transit (AWS Well-Architected Framework).
