Hey bee lovers and space explorers. Just as honey is so important to a bee, customer data is very important to your application. Handling customer data without thinking ahead about how to secure it can impact the credibility of your organization and your company. As bee citizens are more connected because we bring the Internet to Mars, more applications and systems on Mars are producing data, storing data, and are changing data. In this video, we are focusing on how you can reduce the risk of unauthorized access to or exposure of customer data when it's in transit between systems and services.

The first thing to do is to define requirements for data protection in transit. Based on legal and compliance requirements, you classify data into multiple categories, depending on the sensitivity level of the data. Then you apply encryption standards to the right category. For example, historical weather data is considered public data, so you don't have to require encryption in transit when working with this data. However, customer credit card information is highly confidential data, thus you want to make sure it is encrypted in transit.

You also need to authenticate network communications. That includes verifying the identity of communications by using protocols such as Transport Layer Security, or TLS for short, or IPSec. Internet Protocol Security, or IPSec, is a protocol for in-transit data protection between hosts. It is a protocol to protect communication at the network layer, which is layer three of the OSI model. IPSec can be implemented when you set up a virtual private network, or VPN, to create a secure connection between your VPC and your on-premises network.

Transport Layer Security, or TLS, is a set of industry-standard cryptographic protocols used for encrypting information at the transport layer, which is layer four of the OSI model. TLS is the successor of Secure Sockets Layer, SSL, but SSL and TLS use X.509 certificates to authenticate the server.
Both SSL and TLS negotiate a symmetric key between the client and the server that is used to encrypt data flowing between the two entities. You should use HTTPS instead of HTTP for data transmission. HTTPS uses the SSL/TLS protocol to prevent eavesdropping, unauthorized alterations, and unauthorized copying of your data. All AWS services provide API endpoints that allow you to establish secure HTTPS communication sessions.

For your web application, you can choose to terminate the encryption at the application layer or at the load balancer layer. You want to make sure you store X.509 certificates securely and rotate them with strict access control. The good news is, you can use AWS Certificate Manager, or ACM, to do this. ACM handles the complexity of creating and managing public SSL and TLS certificates for your website and applications. You can use public certificates provided by ACM, called ACM certificates, or certificates that you import into ACM.

That's all I have for this video. Bees, see you soon. Buzz, buzz, buzz, buzz.