Modern cybersecurity threats include the risk of a data breach, which is when an authorized person gains access to your network and steals your enterprise data. Data is a business asset unique to each organization. It can include customer information, business plans, design documents, or code. Protecting the business means protecting its data.

Measures such as firewalls can help prevent a data breach from occurring. However, data encryption can help protect your business data even after a breach occurs. It provides another layer of defense against unintended disclosure. To access encrypted data in the AWS Cloud, users need permissions to use the key to decrypt and need permissions to use the service where the data resides. Without both of these permissions, users are unable to decrypt and view the data.

https://docs.aws.amazon.com/prescriptive-guidance/latest/encryption-best-practices/welcome.html