S6. Use encryption wherever it is available

Cloud platforms typically provide options to encrypt data at rest and in transit. These features typically require little to no administrative effort, and are often available at no additional cost. Employ these features wherever they are provided as an option.

Encryption features may provide advanced options to control and manage the keys used to perform encryption, and these options may provide a greater level of assurance that data confidentially is protected. However, even the default options for key management are better than none, and should be used in the absence of guidance or more advanced approaches to key management.