Enforcing ubiquitous encryption

It is easier to encrypt everything than to analyze how sensitive each part of the system is and encrypt only what is sensitive enough. Hardware support for encryption has made the performance cost negligible in most cases, and every case-by-case decision about what to encrypt is another chance to decide wrongly. Therefore, just enforce ubiquitous encryption: encrypt all data at rest (storage) and data in transit (communication) by default.

If you process sensitive data, especially sensitive personal data, you should consider end-to-end encryption as well. Normal transport-level encryption, such as that provided by TLS, only encrypts data between nodes in the network. To avoid data leaking through compromised nodes, end-to-end encryption can be used.

Simple is often better and more secure, since it is easier to maintain an overview. Complexity increases the risk of making mistakes. Simplify your processes and reduce unnecessary decisions where you can, to increase security. Ubiquitous encryption is an example of this.
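The following sketch is an added example, not code from the book. It audits a constructed inventory under the rule above: any store or link without encryption is a finding regardless of what it carries, and for sensitive flows it lists the intermediate nodes that still see plaintext when only TLS is used. The `Hop`, `Flow`, `payload_readers` and `audit` names and all node names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    src: str
    dst: str
    tls: bool                # transport-level encryption on this link

@dataclass(frozen=True)
class Flow:
    name: str
    hops: tuple              # ordered path, sender first, final recipient last
    e2e: bool = False        # payload encrypted by the sender for the recipient only
    sensitive: bool = False  # used only to suggest end-to-end, never to waive a rule

def payload_readers(flow):
    """Nodes that can read the payload in clear."""
    path = [flow.hops[0].src] + [h.dst for h in flow.hops]
    # TLS ends at every node, so each node on the path sees plaintext;
    # end-to-end encryption leaves only the two endpoints able to read it.
    return [path[0], path[-1]] if flow.e2e else path

def audit(flows, stores):
    """Default-deny audit: anything unencrypted is a finding, whatever it carries."""
    findings = [f"store {name}: not encrypted at rest"
                for name, encrypted in stores.items() if not encrypted]
    for flow in flows:
        for h in flow.hops:
            if not h.tls:
                findings.append(f"flow {flow.name}: {h.src}->{h.dst} not encrypted in transit")
        middle = payload_readers(flow)[1:-1]
        if flow.sensitive and middle:
            findings.append(f"flow {flow.name}: payload readable at {', '.join(middle)}; "
                            "consider end-to-end encryption")
    return findings

# Constructed sample inventory (hypothetical names).
STORES = {"orders-db": True, "debug-logs": False}
FLOWS = [
    Flow("checkout", (Hop("browser", "lb", True), Hop("lb", "api", False))),
    Flow("health-record", (Hop("app", "gateway", True), Hop("gateway", "clinic", True)),
         sensitive=True),
    Flow("chat", (Hop("alice", "relay", True), Hop("relay", "bob", True)),
         e2e=True, sensitive=True),
]

if __name__ == "__main__":
    for finding in audit(FLOWS, STORES):
        print(finding)
```

The `chat` flow produces no finding because the relay only ever handles ciphertext, while `health-record` is fully TLS-protected yet still readable at the gateway.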