---
title: MSK clusters should be encrypted in transit among broker nodes
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > MSK clusters should be encrypted in
  transit among broker nodes
---

# MSK clusters should be encrypted in transit among broker nodes
 
## Description{% #description %}

MSK clusters should encrypt data in transit between broker nodes to prevent eavesdropping on inter-broker communication. Serverless clusters enforce TLS by default; provisioned clusters must have the in-cluster encryption setting enabled.

## Remediation{% #remediation %}

Enable in-cluster encryption when creating or updating the MSK cluster configuration. For guidance, refer to [Amazon MSK encryption in transit](https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html).