Encryption in Transit

Definition

Encryption in transit protects data while it is being transmitted between systems or locations, safeguarding sensitive information from unauthorized access.

Use Cases

Provider Equivalents

Frequently Asked Questions

What's the difference between encryption in transit and encryption at rest?
Encryption in transit protects data while it moves across a network (for example, HTTPS between your browser and a website). Encryption at rest protects data stored on disks or in databases (for example, encrypted database files or encrypted object storage). Many secure systems use both.

When should I use encryption in transit?
Use it whenever data crosses a network you don’t fully control or trust—especially the public internet—and whenever you transmit sensitive data like passwords, payment details, personal data, API tokens, or internal service calls. In practice, most web apps should default to TLS everywhere (HTTPS for users, TLS/mTLS for service-to-service traffic).

How much does encryption in transit cost?
TLS encryption usually has no direct per-request fee, but it can add some CPU overhead for handshakes and encryption, which may slightly increase compute costs at high traffic. Certificate costs vary: many managed certificate services offer free public certificates for common use cases (often when integrated with load balancers/CDNs), while private CA, advanced certificate management, or high-volume/enterprise features can add charges. Network and load balancer pricing is typically separate from encryption.
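
The "TLS everywhere" default from the second answer, shown as an added example (not part of the original page) using Python's standard `ssl` module: a weak client context beside a hardened one, a default server context beside one that requires client certificates (mTLS), and an audit function that reports the difference. The function names, finding labels and the TLS 1.2 floor are assumptions made for this example.

```python
import ssl

MIN_TLS = ssl.TLSVersion.TLSv1_2  # assumed policy floor, not stated on the page

def audit_context(ctx, *, server_side, mtls=False):
    """Return a list of findings for settings that weaken encryption in transit."""
    findings = []
    if ctx.minimum_version < MIN_TLS:
        findings.append("protocol-floor-below-tls1.2")
    if server_side:
        # A server context only authenticates the client when told to;
        # without CERT_REQUIRED the link is one-way TLS, not mTLS.
        if mtls and ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("client-cert-not-required")
    else:
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server-cert-not-verified")
        if not ctx.check_hostname:
            findings.append("hostname-not-checked")
    return findings

def weak_client():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # traffic is encrypted, but to an unverified peer
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_client():
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = MIN_TLS
    return ctx

def default_server():
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # does not request a client cert

def mtls_server():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_TLS
    ctx.verify_mode = ssl.CERT_REQUIRED
    # A real service would also call ctx.load_cert_chain(...) and
    # ctx.load_verify_locations(...) with its own certificate and private CA.
    return ctx

if __name__ == "__main__":
    print("weak client    :", audit_context(weak_client(), server_side=False))
    print("hardened client:", audit_context(hardened_client(), server_side=False))
    print("default server :", audit_context(default_server(), server_side=True, mtls=True))
    print("mTLS server    :", audit_context(mtls_server(), server_side=True, mtls=True))
```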

Category: security

Difficulty: intermediate

Related Terms

See Also