Encrypt data on the wire (TLS) and on disk (at-rest) so neither a network eavesdropper nor a stolen drive yields plaintext.
Encryption scrambles data with a key so only someone with the right key can read it. In transit (TLS) it stops eavesdroppers on the network; at rest it protects data if the disk is stolen. Anyone in the middle sees only ciphertext, which is useless without the key.
Plain English: encryption in transit (TLS/HTTPS) scrambles data while it travels the network so eavesdroppers can't read it. Encryption at rest scrambles data sitting on disk so a stolen drive or leaked backup is useless. You need both, since they protect against different attackers.
Two complementary protections. Encryption in transit secures data moving over a network (TLS for HTTP, mTLS between services) so anyone sniffing the wire sees only ciphertext. Encryption at rest secures stored data (disk/volume encryption, database or field-level encryption, encrypted backups) so anyone who obtains the physical media, a snapshot, or the raw files can't read them. Symmetric crypto (AES) does the bulk work; asymmetric crypto handles authentication and key exchange, and key management (a KMS, a key hierarchy, rotation) handles the keys themselves.
Data is exposed in two places: while moving and while sitting still. A network attacker can intercept or alter unencrypted traffic; a thief, an insider, or a misconfigured bucket can expose unencrypted storage. In-transit encryption defeats eavesdropping and tampering on the wire; at-rest encryption defeats stolen-disk, leaked-backup, and snapshot-exposure scenarios. Compliance regimes expect both: PCI DSS requires cardholder data to be encrypted at rest and when sent over open networks, while HIPAA and GDPR treat encryption as an expected safeguard rather than spelling it out as an absolute rule.
In transit: the TLS handshake authenticates the server by validating its certificate chain and checking a signature made with the certificate's private key, agrees a fresh symmetric session key (in TLS 1.3 always via ephemeral Diffie-Hellman, so a later compromise of the server key doesn't expose recorded traffic), then encrypts the stream with an AEAD cipher such as AES-GCM or ChaCha20-Poly1305, which detects tampering as well as hiding content; mTLS adds a client certificate so both sides are authenticated, which is what service-to-service traffic needs. At rest: each record or object is encrypted with a symmetric data key before it hits disk, and that data key is stored only in wrapped form, encrypted by a master key that never leaves a KMS/HSM (envelope encryption). Rotating the master key then means re-wrapping the small data keys, not re-encrypting all the data. Sensitive fields can additionally be encrypted at the application layer so even the database never sees plaintext.
TLS on every API call plus at-rest encryption of card data in the ledger; both are hard PCI DSS requirements.
End-to-end encryption means messages are encrypted on the sender's device; the server relays and stores only ciphertext, so the data is protected in transit and at rest even from the service operator.
Server-side encryption with KMS-managed keys encrypts every object at rest; TLS protects it in transit to and from the store.
An attacker stole Heroku's GitHub OAuth tokens and downloaded private repos for 7 weeks undetected.
In April 2022, GitHub notified Heroku that OAuth tokens issued to Heroku's GitHub integration had been used to access private repositories, including Salesforce's own internal infrastructure repos. The attacker got the tokens from an internal Heroku database, where they had been stored with insufficient encryption, and had access for roughly 7 weeks before detection. Because the access pattern (a token reading repos it was authorized to read) looked like normal OAuth usage, permission-based monitoring never flagged it. Heroku revoked all GitHub OAuth tokens, breaking GitHub integrations for every Heroku customer. The lesson: OAuth tokens at rest are secrets. Encrypt them with envelope encryption under a KMS-held master key and rotate them. Detecting misuse of a valid authorization needs behavioral baselines (which repos a token normally reads, from where, how fast), not just permission checks.
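The envelope-encryption scheme described in the mechanics section above, applied to the Heroku lesson (OAuth tokens as secrets at rest), as an added example in Go against the standard library. This is not code from the original page or from Heroku/Salesforce: the in-memory KMS type, the key ids, the sample token and the AAD string are assumptions for illustration, standing in for a real KMS/HSM. The example shows the three properties a practitioner should check: the row holds no plaintext key, the AAD pins a ciphertext to its row, and rotating the master key re-wraps only the data key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record is the database row: token ciphertext, the data key that encrypted it (wrapped under a master key), and that key's id.
type Record struct {
	KeyID      string // master key that wrapped the DEK
	WrappedDEK []byte // nonce || AES-256-GCM(master key, DEK)
	Ciphertext []byte // nonce || AES-256-GCM(DEK, token)
}

// KMS is a hypothetical in-memory stand-in for a real KMS/HSM: master keys never leave it.
type KMS struct {
	keys    map[string][]byte
	current string
}

// Rotate installs a fresh master key and makes it current; old keys stay usable for unwrapping until every record is rewrapped.
func (k *KMS) Rotate(id string) { k.keys[id], k.current = randomBytes(32), id }

// Wrap/Unwrap authenticate the key id as AAD so a wrapped DEK cannot be unwrapped under a different master key id.
func (k *KMS) Wrap(dek []byte) (string, []byte) { return k.current, seal(k.keys[k.current], dek, []byte(k.current)) }

func (k *KMS) Unwrap(keyID string, wrapped []byte) ([]byte, error) {
	mk, ok := k.keys[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown or retired master key %q", keyID)
	}
	return open(mk, wrapped, []byte(keyID))
}

// must panics on errors that cannot occur with 32-byte keys and a working CSPRNG.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// seal returns nonce || ciphertext || tag under a fresh random 96-bit nonce.
func seal(key, plaintext, aad []byte) []byte {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, aad)
}

// open splits off the nonce and decrypts; any tampering fails the tag check.
func open(key, sealed, aad []byte) ([]byte, error) {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if ns := aead.NonceSize(); len(sealed) >= ns {
		return aead.Open(nil, sealed[:ns], sealed[ns:], aad)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// Encrypt uses a fresh per-record data key; aad (e.g. owner and purpose) binds the ciphertext to its row.
func Encrypt(k *KMS, token, aad []byte) Record {
	dek := randomBytes(32)
	keyID, wrapped := k.Wrap(dek)
	return Record{KeyID: keyID, WrappedDEK: wrapped, Ciphertext: seal(dek, token, aad)}
}

func Decrypt(k *KMS, r Record, aad []byte) ([]byte, error) {
	dek, err := k.Unwrap(r.KeyID, r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, r.Ciphertext, aad)
}

// Rewrap moves a record onto the current master key: only the 32-byte DEK is re-encrypted, the token ciphertext is untouched.
func Rewrap(k *KMS, r Record) (Record, error) {
	dek, err := k.Unwrap(r.KeyID, r.WrappedDEK)
	if err != nil {
		return Record{}, err
	}
	r.KeyID, r.WrappedDEK = k.Wrap(dek)
	return r, nil
}

func main() {
	kms := &KMS{keys: map[string][]byte{}}
	kms.Rotate("mk-v1")
	rec := Encrypt(kms, []byte("constructed-sample-token"), []byte("user:42/github-oauth")) // constructed sample, not a real token
	kms.Rotate("mk-v2")
	rec, _ = Rewrap(kms, rec)
	fmt.Printf("record now wrapped under %s; ciphertext unchanged\n", rec.KeyID)
}
```

The AAD is what stops an attacker with write access to the database from copying a ciphertext into a row they control and asking the application to decrypt it for them; a real deployment would also keep the old master key until a rewrap job has touched every row, since retiring it early makes those rows unreadable.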
An expired TLS certificate silently broke Zoom for millions of users for about 2 hours, and monitoring took half an hour to notice.
In August 2020, a TLS certificate used by Zoom's authentication infrastructure expired without being renewed. Certificate expiry doesn't produce a loud failure on the server side: the process keeps running and logs nothing unusual. Clients reject the certificate during the handshake and get a connection error, which for users looked like the Zoom app failing to log in or freezing on the meeting join screen. Because the failure was a silent TLS error rather than an obvious application exception, Zoom's monitoring didn't alert for nearly 30 minutes, and the outage lasted about 2 hours. Zoom was reporting 300M daily meeting participants at the time. The lesson: certificate expiry is one of the most predictable outages in existence. Track days-to-expiry for every certificate in the chain (an intermediate that expires before the leaf breaks the handshake just the same) as an SLO metric: alert at 30 days, page at 7, and auto-renew by default. Let's Encrypt's ACME clients and AWS ACM exist precisely to make manual renewal unnecessary.
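The expiry check the lesson above calls for, as an added example in Go using only the standard library (not code from the original page or from Zoom). It parses a PEM bundle, takes the soonest NotAfter across the whole chain rather than just the leaf, and maps days remaining onto the 30-day warn / 7-day page thresholds. The self-signed test certificates, the hostnames and the thresholds as constants are assumptions constructed for the example; in production the bundle would come from the server's configured chain or a live handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Thresholds from the lesson: warn at 30 days, page at 7 (assumed values, make them config in practice).
const warnWithin, pageWithin = 30 * 24 * time.Hour, 7 * 24 * time.Hour

type Status string

const StatusOK, StatusWarn, StatusPage, StatusExpired Status = "ok", "warn", "page", "expired"

// ParseChain decodes every CERTIFICATE block in a PEM bundle (leaf plus intermediates); other block types are skipped.
func ParseChain(bundle []byte) ([]*x509.Certificate, error) {
	var chain []*x509.Certificate
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		chain = append(chain, cert)
	}
	if len(chain) == 0 {
		return nil, fmt.Errorf("no certificates in bundle")
	}
	return chain, nil
}

// SoonestExpiry returns the earliest NotAfter in a non-empty chain and the CN it belongs to:
// an intermediate that expires before the leaf breaks the handshake just the same.
func SoonestExpiry(chain []*x509.Certificate) (time.Time, string) {
	soonest := chain[0]
	for _, c := range chain[1:] {
		if c.NotAfter.Before(soonest.NotAfter) {
			soonest = c
		}
	}
	return soonest.NotAfter, soonest.Subject.CommonName
}

// Classify turns time remaining (relative to now) into an alerting status.
func Classify(chain []*x509.Certificate, now time.Time) (Status, time.Duration) {
	exp, _ := SoonestExpiry(chain)
	left := exp.Sub(now)
	switch {
	case left <= 0:
		return StatusExpired, left
	case left <= pageWithin:
		return StatusPage, left
	case left <= warnWithin:
		return StatusWarn, left
	}
	return StatusOK, left
}

// SelfSignedPEM mints a throwaway certificate with the given expiry; constructed for this example only, never for real use.
func SelfSignedPEM(cn string, notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notAfter.Add(-90 * 24 * time.Hour),
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	now := time.Now()
	leaf, _ := SelfSignedPEM("auth.example.test", now.Add(60*24*time.Hour))      // healthy leaf
	inter, _ := SelfSignedPEM("Example Intermediate CA", now.Add(5*24*time.Hour)) // intermediate about to expire
	chain, err := ParseChain(append(leaf, inter...))
	if err != nil {
		panic(err)
	}
	status, left := Classify(chain, now)
	_, who := SoonestExpiry(chain)
	fmt.Printf("%s: %q expires in %.1f days\n", status, who, left.Hours()/24)
}
```

Run against a live endpoint by replacing the constructed bundle with the chain from tls.ConnectionState().PeerCertificates; exporting the returned duration as a gauge is what turns this into the SLO metric the lesson describes.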
Encryption comes up as a standard checklist item in any system design with sensitive data. The signal is knowing that in-transit and at-rest encryption protect against different attackers: TLS defeats a network eavesdropper, at-rest encryption defeats a stolen disk or leaked backup. Show you know key management is the real challenge by mentioning envelope encryption and a KMS, so data keys are never stored in plaintext next to the data and the master key never leaves the KMS. Candidates lose points by just saying "use HTTPS" without addressing at-rest encryption for stored sensitive data.