Architecture & Design
Encryption in Transit
Encryption in transit protects data as it moves between systems, preventing interception by network attackers. It is primarily implemented using TLS for HTTPS, SMTPS, and other protocols. Beyond browser-to-server TLS, encryption in transit also covers service-to-service communication within microservice architectures (mutual TLS or mTLS). Compliance frameworks require encryption in transit for all transmission of sensitive data, including PII, PHI, and cardholder data.
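The difference between one-way TLS and mTLS comes down to which side verifies a certificate, as this added example shows (it is not code from the original page). The function names, the finding strings and the TLS 1.2 floor are assumptions chosen for illustration.

```python
import ssl

def server_context(require_client_cert: bool) -> ssl.SSLContext:
    """Server side. With require_client_cert=True the handshake fails unless
    the peer presents a certificate the server trusts (mutual TLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed policy floor
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    # A deployment would also call ctx.load_cert_chain(...) for the server's own
    # certificate and ctx.load_verify_locations(...) for the internal CA.
    return ctx

def client_context() -> ssl.SSLContext:
    """Client side: verifies the server's chain and hostname by default."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """Constructed bad example: encrypts, but accepts any server certificate."""
    ctx = client_context()
    ctx.check_hostname = False  # must be disabled before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx: ssl.SSLContext, role: str, mtls: bool = False) -> list:
    """Return findings for a context used as 'client' or 'server'."""
    findings = []
    floor = ctx.minimum_version
    if floor != ssl.TLSVersion.MAXIMUM_SUPPORTED and floor < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate not verified")
        if not ctx.check_hostname:
            findings.append("hostname not checked")
    elif mtls and ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required")
    return findings

if __name__ == "__main__":
    cases = [
        ("public web server, one-way TLS", server_context(False), "server", False),
        ("internal service expected to use mTLS", server_context(False), "server", True),
        ("internal service with mTLS", server_context(True), "server", True),
        ("client with verification disabled", weak_client_context(), "client", False),
    ]
    for label, ctx, role, mtls in cases:
        print(f"{label}: {audit(ctx, role, mtls) or 'ok'}")
```

A context that skips certificate verification still encrypts the connection, but the peer is unauthenticated, so a network attacker in the path can terminate the session themselves.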
Why it matters for your website
- Foundational principle in modern security — harder to retrofit than to build in from the start
- Reduces breach impact by limiting what attackers can access if they get in
- Required control in ISO 27001, NIST CSF, and most compliance frameworks