---
title: Firehose delivery streams should be encrypted at rest
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Firehose delivery streams should be
  encrypted at rest
---

# Firehose delivery streams should be encrypted at rest
 
## Description{% #description %}

Firehose delivery streams should be encrypted at rest. Server-side encryption protects data via AWS Key Management Service (KMS) before storing data, ensuring sensitive data is not exposed at rest.

## Remediation{% #remediation %}

Enable server-side encryption for your Firehose delivery stream. For more details on data protection in Amazon Data Firehose, see the public [documentation](https://docs.aws.amazon.com/firehose/latest/dev/encryption.html)