US11411939B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11411939-B2 |
| Application number | US-201916417289-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 20, 2019 |
| Priority date | Nov 2, 2015 |
| Publication date | Aug 9, 2022 |
| Grant date | Aug 9, 2022 |
Official abstract text for this publication.
Encoding a partially encrypted data stream may include receiving, at an edge encryption proxy, an unencrypted data stream; evaluating the unencrypted data stream using communication encryption rules that include rule conditions and content mappings; determining whether the rule conditions match on the unencrypted data stream; and, on a condition that a rule condition matches on the unencrypted data stream, identifying the portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion. On a condition that the data encryption configuration information indicates that the data storage container corresponding to the matching content mapping is configured for storing sensitive information, the method generates an encrypted portion by encrypting the candidate sensitive portion, generates a partially encrypted data stream that includes the encrypted portion and the unencrypted insensitive portions of the unencrypted data stream while omitting the candidate sensitive portion, and transmits or stores the partially encrypted data stream.
Claim text.
What is claimed is:

1. A method, comprising: storing encryption rules and content mappings in memory; intercepting, at an edge encryption proxy, an unencrypted data stream directed to a target device outside of a network on which the edge encryption proxy is located; parsing the unencrypted data stream to identify a candidate sensitive portion of the unencrypted data stream; identifying a rule condition of the encryption rules and a content mapping of the content mappings corresponding to the candidate sensitive portion; determining whether the candidate sensitive portion includes sensitive data using the encryption rules and the content mapping, wherein the content mapping indicates a path to the sensitive data, and wherein the rule condition comprises an operand reference, a relational operator, and a target value; responsive to the candidate sensitive portion including the sensitive data, encrypting the sensitive data; replacing the candidate sensitive portion with the encrypted sensitive data; and transmitting the encrypted sensitive data with remaining portions of the unencrypted data stream to the target device.
2. The method of claim 1, wherein parsing the unencrypted data stream comprises determining that the candidate sensitive portion pertains to data derived from a configured storage location in the network.
3. The method of claim 2, wherein the configured storage location comprises a database.
4. The method of claim 2, wherein the configured storage location comprises a column, field, or table.
5. The method of claim 2, wherein the configured storage location is defined in the encryption rules.
6. The method of claim 1, wherein the edge encryption proxy provides a transition from a relatively secured portion including the network to a relatively unsecured portion between the edge encryption proxy and the target device.
7. The method of claim 6, wherein the relatively unsecured portion comprises the Internet.
8. The method of claim 1, wherein the encryption rules stored in memory comprise: a selective encryption configuration table storing information about storage locations for the unencrypted data stream; and a communication encryption configuration database storing information about various rules determining when to secure the unencrypted data stream for various transmissions.
9. The method of claim 8, wherein the memory is located on the network.
10. The method of claim 8, comprising, receiving at the edge encryption proxy the encryption rules, wherein the memory is located outside the network.
11. The method of claim 1, wherein receiving the unencrypted data stream includes receiving the unencrypted data stream from an in-network device in the network.
12. The method of claim 1, wherein encrypting the sensitive data comprises maintaining the sensitive data in the network without the encryption while using the encrypted sensitive data in communications with the target device.
13. The method of claim 1, comprising: receiving partially encrypted data at the edge encryption proxy; decrypting encrypted portions of the partially encrypted data using the edge encryption proxy; and utilizing the decrypted portions of the partially encrypted data as unsecured data in the network.
14. A tangible, non-transitory, and computer-readable medium having stored thereon instructions, that when executed, are configured to cause one or more processors to: store encryption rules and content mapping in memory; intercept, at an edge encryption proxy, an unencrypted data stream directed to a target device outside of a network on which the edge encryption proxy is located; identify a candidate sensitive portion of the unencrypted data stream as potential sensitive data; identify a rule condition of the encryption rules and the content mapping corresponding to the candidate sensitive portion; determine whether the candidate sensitive portion includes sensitive data using the rule condition and the content mapping, wherein the content mapping indicates a path to the sensitive data, and wherein the rule condition comprises an operand reference, a relational operator, and a target value; responsive to the candidate sensitive portion including the sensitive data, encrypt the sensitive data; replace the candidate sensitive portion with the encrypted sensitive data; and transmit the encrypted sensitive data with remaining portions of the unencrypted data stream to the target device.
15. The tangible, non-transitory, and computer-readable medium of claim 14, wherein the encryption rules stored in memory comprise: a selective encryption configuration table storing information about storage locations for the unencrypted data stream; and a communication encryption configuration database storing the rule condition.
16. The tangible, non-transitory, and computer-readable medium of claim 14, wherein determining whether the candidate sensitive portion includes the sensitive data using the rule condition comprises: identifying the rule condition matching the candidate sensitive portion of the unencrypted data stream based on the operand reference; and determining that the rule condition is met in the unencrypted data stream on a condition of the candidate sensitive portion having a relationship to the target value, wherein the relationship is by the relational operator.
17. The tangible, non-transitory, and computer-readable medium of claim 14, wherein the rule condition comprises communication of the unencrypted data stream is to take place over hypertext transfer protocol using at least one of a type of communication, a uniform resource locator, and request method indicated in the encryption rules.
18. A system comprising: one or more processors; and a memory storing instructions that, when executed, are configured to cause the one or more processors to: store encryption rules in a table storing information indicating secured memory locations that are to be secured in communications outside of a network; intercept, at an edge encryption proxy, an unencrypted data stream directed to a target device outside of the network including data derived from the secured memory locations, wherein the edge encryption proxy is located in the network; identify a rule condition of the encryption rules and a content mapping, wherein the rule condition comprises an operand reference, a relational operator, and a target value; identify at least a portion of the unencrypted data stream derived from the secured memory locations as containing sensitive data using the rule condition and the content mapping indicating a path to the sensitive data; encrypt the data derived from the secured memory locations using the encryption rules; replace unencrypted data from the secured memory locations with the encrypted data to form a partially encrypted stream with portions of the unencrypted data stream not derived from the indicated secured memory locations; and transmit partially encrypted stream to the target device.
19. The system of claim 18, wherein the secured memory location comprises a column, field, or table.
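As an added illustration (not the patent's own code, nor any product's implementation), the Python below sketches the decision path that claims 1, 8 and 16 describe: each rule condition is a triple (operand reference, relational operator, target value) evaluated against the outbound request, the content mapping gives the path of the candidate portion, and the candidate is encrypted only when its source container is listed in the selective encryption configuration table; everything else leaves the network in the clear. The rules, containers, field names and the HMAC-SHA256 keystream are constructed assumptions; a real deployment would use an authenticated cipher such as AES-GCM in place of the keystream stand-in.

```python
import base64, hashlib, hmac, json, operator, os

# Constructed configuration, not the patent's own: relational operators a rule condition may use
RELOPS = {"==": operator.eq, "!=": operator.ne, "contains": lambda a, b: b in a}
# Selective encryption configuration table: storage containers (table, column) holding sensitive data
SENSITIVE_CONTAINERS = {("incident", "description"), ("user", "ssn")}
# Communication encryption rules: a condition (operand reference, relational operator, target value)
# plus a content mapping giving the JSON path of the candidate portion and its source container
RULES = [
    (("method", "==", "POST"), ["incident", "description"], ("incident", "description")),
    (("url", "contains", "/api/user"), ["user", "ssn"], ("user", "ssn")),
    (("url", "contains", "/api/user"), ["user", "nickname"], ("user", "nickname")),
]

def _keystream(key, nonce, n):
    # HMAC-SHA256 counter keystream: a standard-library stand-in for a real AEAD such as AES-GCM
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt_field(key, plaintext):
    nonce, data = os.urandom(12), plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return "enc:" + base64.b64encode(nonce + ct).decode()

def decrypt_field(key, token):
    # Inbound direction (claim 13): the proxy restores a portion it encrypted on the way out
    raw = base64.b64decode(token[4:])
    pt = bytes(a ^ b for a, b in zip(raw[12:], _keystream(key, raw[:12], len(raw) - 12)))
    return pt.decode()

def _walk(obj, path):
    for k in path[:-1]:
        obj = obj.get(k) if isinstance(obj, dict) else None
    return obj  # parent dict of the final key, or None if the path is absent

def proxy_encrypt(key, request):
    # Edge encryption proxy, outbound: encrypt a candidate portion only when its rule condition
    # matches the request AND its source container is configured as sensitive
    body = json.loads(request["body"])
    for (ref, relop, target), path, container in RULES:
        if not RELOPS[relop](request.get(ref, ""), target):
            continue  # rule condition does not match on this data stream
        parent = _walk(body, path)
        if not isinstance(parent, dict) or path[-1] not in parent:
            continue  # candidate portion absent from this stream
        if container not in SENSITIVE_CONTAINERS:
            continue  # matched, but the container is not configured for sensitive information
        parent[path[-1]] = encrypt_field(key, str(parent[path[-1]]))
    return dict(request, body=json.dumps(body))
```

The `user.nickname` rule shows the second gate in action: its condition matches the request, but because that container is not in the selective encryption table the value is forwarded unencrypted.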
CPC classification titles:

- Proxies
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
- Providing cryptographic facilities or services
- to a system of files or objects, e.g. local or distributed file system or database