In many countries the encryption and protection is a legal obligation. And for government tenders it’s an absolute must. Encryption can be implemented on many levels :
- Transport layer encryption: this function comes out-of-the-box when using MQTT, but that’s not the case when using TCP. When using GATT, theoretically it also comes out-of-the-box, but most hardware implementations are so bad, they simply can hardly be considered thrustworthy. Which brings us immediately to the next security level :
- Application layer encryption: here, messages are encrypted before they are transported and decrypted after coming off of the transport layer.
The application layer is only implemented upon request by customers. Bigger projects or Government projects tend to use 2G/3G/4G/5G networks, who encrypt themselves (using VPN)