Encryption at Rest vs In Transit: What Every Developer and CISO Must Know

Q: Which compliance frameworks require both types of encryption?

ISO 27001 requires both under Annex A.10.1 (Cryptography). SOC 2 requires both under CC6.1 and CC6.7. HIPAA requires both as technical safeguards (164.312(a)(2)(iv) for at rest, 164.312(e)(1) for in transit). GDPR requires appropriate technical measures including encryption under Article 32. PCI DSS requires both for cardholder data. The DPDP Act requires reasonable security safeguards that are widely interpreted to include encryption.

of breached data was unencrypted at rest
Verizon DBIR 2024

major compliance frameworks that explicitly require both encryption types
ISO 27001, SOC 2, HIPAA, GDPR, PCI DSS, DPDP

0-bit

AES key length ,the gold standard for encryption at rest
NIST FIPS 197

The Core Difference

The confusion between encryption at rest and encryption in transit comes from treating "encryption" as a single thing rather than two distinct security controls that address different threat scenarios. Understanding the difference starts with asking: where is the data when it is at risk?

🗄️

Encryption at Rest

Protects data while it is stored
Databases, hard drives, SSDs, backups
Defends against physical theft of hardware
Defends against unauthorised storage access
Algorithm: AES-256-GCM
Keys managed separately from data

📡

Encryption in Transit

Protects data while it is moving
APIs, HTTPS, database connections, gRPC
Defends against man-in-the-middle attacks
Defends against network packet sniffing
Protocol: TLS 1.3 (minimum: TLS 1.2)
Certificates managed via PKI / CA

The critical point: these two controls protect against completely different attack scenarios. A perfectly encrypted database is no protection against a man-in-the-middle attack intercepting your API calls. A perfectly encrypted HTTPS connection provides no protection if an attacker physically removes the hard drive from your server. You need both.

Encryption at Rest ,What You Need to Know

Encryption at rest converts stored data into ciphertext that is unreadable without the correct decryption key. When implemented correctly, it means that even if an attacker gains physical access to your storage media ,or gains access to raw storage files ,they cannot read the data without the key.

Modern cloud environments make encryption at rest easier than ever. AWS, Azure, and GCP all offer native encryption for their storage services ,S3, EBS, RDS, and database services can all have encryption enabled with a single configuration change. The most common mistake is simply not enabling it, or enabling it only on production systems while leaving development and staging environments unencrypted.

⚠️

The Development Environment Trap

Organisations frequently encrypt production databases but leave development and staging environments with real customer data unencrypted. For ISO 27001 and GDPR compliance, encryption requirements apply to any environment that holds personal or sensitive data ,not just production.

Database encryption at rest ,AES-256 ensures data stored on disk is unreadable without the decryption key, even if storage media is physically compromised.

Encryption in Transit ,What You Need to Know

Encryption in transit uses TLS (Transport Layer Security) to create an encrypted channel between two communicating parties. All data sent through this channel is encrypted before transmission and decrypted only at the destination, meaning an attacker intercepting packets on the network sees only meaningless ciphertext.

The most common implementation of TLS in transit is HTTPS ,the padlock in your browser confirms a TLS connection is active. But encryption in transit extends well beyond web traffic. Database connections, internal microservice communication, message queues, and file transfers all need TLS.

🚨

Internal Traffic Is Not Safe by Default

Many organisations correctly enforce TLS on external-facing APIs but leave internal service-to-service communication unencrypted, assuming their internal network is secure. In a cloud environment with shared infrastructure, or after an internal compromise, unencrypted internal traffic is readable. Zero Trust architecture principles require encryption everywhere ,not just at the perimeter.

Which Algorithms to Use

Algorithm selection is not a matter of preference ,it is a compliance requirement. Here is what auditors expect to see and what you should never use.

Recommended

AES-256-GCM

Gold standard for at-rest encryption. FIPS 140-2 approved, required by HIPAA and FedRAMP, accepted by all major frameworks. GCM mode provides both encryption and authentication.

Recommended

TLS 1.3

Current standard for in-transit encryption. Faster handshake, stronger cipher suites (ChaCha20-Poly1305, AES-256-GCM), no legacy cipher support. Use for all new implementations.

Acceptable

TLS 1.2

Minimum acceptable standard for in-transit encryption. Still widely used and supported by auditors, but TLS 1.3 is strongly preferred. Ensure only strong cipher suites are enabled.

Acceptable

AES-128-GCM

Acceptable for at-rest encryption where AES-256 is not feasible due to performance constraints. Some frameworks explicitly require 256-bit ,check your specific compliance target.

Deprecated

TLS 1.0 / 1.1

Cryptographically broken. Disabled by PCI DSS since 2018. Flagged as a finding by every CSPM tool and security scanner. Must be disabled across all endpoints ,no exceptions.

Deprecated

DES, 3DES, RC4, MD5

All are cryptographically broken and will result in immediate compliance failures. If any of these appear in your environment they represent a critical finding requiring immediate remediation.

Compliance Framework Requirements

Every major framework requires both types of encryption. Here is exactly which controls apply and what evidence auditors will ask for:

Framework	At Rest Requirement	In Transit Requirement	Evidence Required
ISO 27001	Annex A.10.1 ,Cryptographic controls	Annex A.13.2 ,Information transfer	Encryption policy, key management procedure, configuration evidence
SOC 2	CC6.7 ,Encryption of data at rest	CC6.6 ,Encryption of data in transit	Configuration screenshots, tool reports, tested controls
HIPAA	164.312(a)(2)(iv) ,Encryption	164.312(e)(1) ,Transmission security	Risk assessment, encryption implementation documentation
GDPR	Article 32 ,Technical measures	Article 32 ,Technical measures	DPIAs, encryption policy, incident response capability
PCI DSS	Req 3.4 ,Render PAN unreadable	Req 4.2 ,Protect PAN in transit	Encryption configuration, key custodian records
DPDP Act	Section 8(5) ,Reasonable safeguards	Section 8(5) ,Reasonable safeguards	Security policy, control implementation records

Key Management ,The Part Most Teams Get Wrong

Encryption is only as strong as the security of the keys used to encrypt and decrypt data. The most common and most catastrophic key management mistake is storing encryption keys in the same location as the encrypted data ,which makes the encryption entirely pointless.

1
Use a dedicated Key Management ServiceAWS KMS, Azure Key Vault, GCP Cloud KMS, or HashiCorp Vault for self-hosted environments. Never store keys in application code, environment variables, configuration files, or the same database as the encrypted data.
2
Implement key rotationEncryption keys should be rotated on a defined schedule ,annually at minimum, quarterly for high-sensitivity data. AWS KMS supports automatic annual rotation. Manual rotation procedures must be documented and tested.
3
Maintain an audit trail of key usageEvery key operation ,creation, use, rotation, deletion ,should be logged. AWS CloudTrail automatically logs KMS key usage. This log is often the first thing a forensic investigator asks for after a breach.
4
Implement envelope encryptionUse data encryption keys (DEKs) to encrypt data, and key encryption keys (KEKs) to encrypt the DEKs. This allows efficient key rotation without re-encrypting all data ,only the DEK needs to be re-encrypted with the new KEK.

Common Encryption Implementation Mistakes

These are the findings that appear most consistently in security assessments ,and the ones most likely to result in a compliance gap or a breach.

✗
Storing keys next to encrypted dataEncrypting an S3 bucket with a KMS key stored in the same AWS account without access controls is only marginally better than no encryption. Use separate accounts, strict IAM policies, and KMS key policies that limit access to only the services that need it.
✗
Leaving TLS 1.0/1.1 enabledOld TLS versions remain enabled by default on many load balancers and web servers. Every CSPM scan and penetration test will flag this. Audit your TLS configuration across all public and internal endpoints and disable deprecated versions.
✗
Not encrypting database connectionsApplication-to-database connections are frequently left unencrypted, especially for internal databases. If someone gains access to your network ,via a compromised instance or a lateral movement attack ,all database queries are readable in plaintext.
✗
Hardcoding encryption keys in application codeOne of the most common findings in code reviews ,encryption keys committed to version control or stored in environment variables that are logged. Use a secrets manager. If a key has ever been in your git history, rotate it immediately.

Frequently Asked Questions

What is the difference between encryption at rest and encryption in transit?▾

Encryption at rest protects data while it is stored ,on a hard drive, SSD, database, or cloud storage. It defends against physical theft, unauthorised server access, and storage layer breaches. Encryption in transit protects data while it is moving ,between a client and server, between microservices, or across a network. It defends against interception, man-in-the-middle attacks, and network eavesdropping. Both are required by virtually every major compliance framework.

Which encryption algorithms should I use?▾

For data at rest: AES-256 is the gold standard. It is FIPS 140-2 approved, required by HIPAA and FedRAMP, and accepted by ISO 27001 and SOC 2 auditors. For data in transit: TLS 1.2 is the minimum acceptable standard; TLS 1.3 is strongly recommended for new implementations. TLS 1.0 and 1.1 are deprecated and should be disabled. Never use DES, 3DES, RC4, or MD5 ,these are cryptographically broken.

Does encryption at rest protect against a data breach?▾

Encryption at rest protects against specific attack scenarios: physical theft of hardware, unauthorised access to storage media, and breaches at the storage layer. It does not protect against breaches where an attacker gains access to a running application with valid credentials ,in that case, the data is decrypted as part of normal operation. This is why encryption at rest must be combined with strong access controls and encryption in transit.

What is key management and why does it matter for encryption?▾

Encryption is only as strong as the security of the keys used to encrypt and decrypt data. Key management covers how keys are generated, stored, rotated, and revoked. The most common mistake is storing encryption keys in the same location as the encrypted data ,which defeats the purpose entirely. Use a dedicated Key Management Service such as AWS KMS, Azure Key Vault, or HashiCorp Vault. Rotate keys on a defined schedule and maintain an audit trail of key usage.

Which compliance frameworks require both types of encryption?▾

ISO 27001 requires both under Annex A.10.1 and A.13.2. SOC 2 requires both under CC6.7 and CC6.6. HIPAA requires both as technical safeguards. GDPR requires appropriate technical measures including encryption under Article 32. PCI DSS requires both for cardholder data. The DPDP Act requires reasonable security safeguards widely interpreted to include encryption.