Selecting the Right Encryption Approach
The Optimal Solution will Vary According to Use Case, Threats Addressed, and Acceptable Deployment Complexity
At the board-room level, data encryption may easily be viewed as a binary matter: data encryption is employed and the company’s assets are secure, or they’re not encrypted and it’s time to panic. However, for the security teams chartered with securing sensitive assets, the realities are not so simple.
When determining which data encryption solution type will best meet your requirements, there are several considerations. At a high level, data encryption types can be broken out by where they’re employed in the technology stack. There are four levels in the technology stack in which data encryption is typically employed: full-disk or media, file system, database, and application.
In general, the lower in the stack that encryption is employed, the simpler and less intrusive the implementation will be. However, the number and types of threats these data encryption approaches can address are also reduced. On the other hand, by employing encryption higher in the stack, organizations can typically realize higher levels of security and mitigate more threats.

Security and deployment complexity increases when implemented higher in the stack