Selective Encryption Configuration

US2017126638A1 · US · A1

Patent metadata
Publication number: US-2017126638-A1
Application number: US-201615190613-A
Country: US
Kind code: A1
Filing date: Jun 23, 2016
Priority date: Nov 2, 2015
Publication date: May 4, 2017
Grant date: (not shown)


Abstract

Official abstract text for this publication.

Encoding a partially encrypted data stream may include receiving, at an edge encryption proxy, an unencrypted data stream, evaluating the unencrypted data stream using communication encryption rules including rule conditions and content mappings, determining whether the rule conditions match on the unencrypted data stream, and, on a condition that the rule condition matches on the unencrypted data stream, identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion. On a condition that the data encryption configuration information indicates that a data storage container corresponding to a matching content mapping is configured for storing sensitive information, it may further include generating an encrypted portion by encrypting the candidate sensitive portion, generating a partially encrypted data stream that includes the encrypted portion and the unencrypted insensitive portions of the unencrypted data stream and omits the candidate sensitive portion, and transmitting or storing the partially encrypted data stream.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for encoding a partially encrypted data stream, the method comprising: receiving, at an edge encryption proxy, an unencrypted data stream; evaluating the unencrypted data stream using communication encryption rules, wherein each communication encryption rule from the communication encryption rules includes a rule condition and a content mapping, and wherein evaluating the unencrypted data stream using the communication encryption rules includes: determining whether the rule condition matches on the unencrypted data stream, and on a condition that the rule condition matches on the unencrypted data stream: identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion; identifying a data storage container based on the content mapping; identifying data encryption configuration information corresponding to the data storage container; on a condition that the data encryption configuration information indicates that the data storage container is configured for storing sensitive information: identifying the candidate sensitive portion as a sensitive portion, generating an encrypted portion by encrypting the sensitive portion, including a preceding portion of the unencrypted data stream in a partially encrypted data stream, the preceding portion preceding the sensitive portion in the unencrypted data stream, including the encrypted portion in the partially encrypted data stream subsequent to the preceding portion, and including a subsequent portion of the unencrypted data stream in the partially encrypted data stream subsequent to the encrypted portion, the subsequent portion subsequent to the sensitive portion in the unencrypted data stream; and transmitting or storing the partially encrypted data stream.

2. The method of claim 1, wherein the unencrypted data stream includes an indication of a recipient of the unencrypted data stream, and wherein transmitting or storing the partially encrypted data stream includes transmitting the partially encrypted data stream to the recipient.

3. The method of claim 1, wherein receiving the unencrypted data stream includes receiving the unencrypted data stream from a device in a network domain, wherein the edge encryption proxy is in the network domain.

4. The method of claim 3, wherein transmitting or storing the partially encrypted data stream includes transmitting the partially encrypted data stream to an external device in a different network domain.

5. The method of claim 4, wherein transmitting the partially encrypted data stream to the external device includes transmitting the partially encrypted data stream to the external device such that the encrypted portion is stored by the external device as encrypted data.

6. The method of claim 3, wherein transmitting or storing the partially encrypted data stream includes transmitting the partially encrypted data stream to an external device in a different network domain, the method further comprising: receiving a second partially encrypted data stream from the external device, the second partially encrypted data stream indicating a recipient in the network domain and including the encrypted portion and unencrypted input portions; generating a decrypted portion by decrypting the encrypted portion; generating a decrypted data stream including the decrypted portion and the unencrypted input portions; and transmitting the decrypted data stream to the recipient in the network domain.

7. The method of claim 1, further comprising: receiving information configuring the communication encryption rules.

8. The method of claim 1, further comprising: receiving information configuring the data encryption configuration information.

9. The method of claim 8, wherein the unencrypted data stream includes an indication of a recipient of the unencrypted data stream, wherein transmitting or storing the partially encrypted data stream includes transmitting the partially encrypted data stream to the recipient, and wherein receiving information configuring the data encryption configuration information includes synchronizing the data encryption configuration information with the recipient.

10. The method of claim 1, wherein the rule condition indicates an operand reference, a relational operator, and a target value, and wherein determining whether the rule condition matches on the unencrypted data stream includes: identifying a rule condition matching portion of the unencrypted data stream based on the operand reference; and determining that the rule condition matches on the unencrypted data stream on a condition a relationship between the rule condition matching portion and the target value is described by the relational operator.

11. A method of selective encryption, the method comprising: receiving, at an edge encryption proxy in a first network, an unencrypted data stream, from a client device in the first network, and wherein the unencrypted data stream indicates a recipient, wherein the recipient is an external device in a different network; generating a partially encrypted data stream by selectively encrypting the unencrypted data stream based on communication encryption rules and data encryption configuration information, wherein a sensitive portion of the unencrypted data stream is omitted from the partially encrypted data stream, and wherein an encrypted portion generated by encrypting the sensitive portion is included in the partially encrypted data stream; and transmitting the partially encrypted data stream to the recipient such that the recipient is prevented from decrypting the encrypted portion and the encrypted portion is stored as encrypted data.

12. The method of claim 11, wherein generating the partially encrypted data stream includes: evaluating the unencrypted data stream using the communication encryption rules to identify a candidate sensitive portion; and evaluating the candidate sensitive portion using the data encryption configuration information to identify the candidate sensitive portion as a sensitive portion.

13. The method of claim 12, wherein a communication encryption rule from the communication encryption rules includes a rule condition and a content mapping.

14. The method of claim 13, wherein evaluating the unencrypted data stream using the communication encryption rules includes: identifying a rule condition matching portion of the unencrypted data stream based on an operand reference indicated by the rule condition; and identifying the unencrypted data stream as matching on the communication encryption rule on a condition a relationship between the rule condition matching portion and a target value indicated by the rule condition is described by a relational operator indicated by the rule condition.

15. The method of claim 13, wherein selectively encrypting the unencrypted data stream includes: identifying the sensitive portion based on the content mapping.

16. The method of claim 13, wherein selectively encrypting the unencrypted data stream includes: determining that the content mapping corresponds with data encryption configuration information identifying a data storage container for storing sensitive information.

17. The method of claim 11, wherein generating the partially encrypted data stream includes generating the partially encrypted data stream such that the partially encrypted data stream includes: a first unencrypted portion, wherein the first unencrypted portion precedes the s
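The rule evaluation of claims 1 and 10 and the preceding/encrypted/subsequent splicing of claim 1, plus the return-path decryption of claim 6, as a runnable sketch. This is an added example, not the patent's or ServiceNow's code; the form-encoded stream format, the rules, the container configuration, the `enc:` token format and the HMAC-SHA256 counter-mode stand-in for a real cipher are all constructed assumptions.

```python
import hashlib, hmac, operator, re

# Constructed demo data (not from the patent). A rule condition is an (operand
# reference, relational operator, target value) triple; the content mapping names
# the stream field that is the candidate sensitive portion and its storage container.
OPS = {"==": operator.eq, "!=": operator.ne, "contains": lambda a, b: b in a}
RULES = [
    {"condition": ("table", "==", "incident"), "field": "ssn", "container": "incident.ssn"},
    {"condition": ("table", "==", "incident"), "field": "notes", "container": "incident.notes"},
]
# Data encryption configuration: which containers are configured as sensitive.
CONTAINER_CONFIG = {"incident.ssn": True, "incident.notes": False}
KEY = hashlib.sha256(b"constructed demo key, not a real secret").digest()

def prf_ctr(key, nonce, data):
    """HMAC-SHA256 counter-mode keystream XOR: a stdlib stand-in for a real AEAD
    (it gives no integrity; use AES-GCM or similar in a deployment)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def field_spans(stream):
    """Map each key of a form-encoded stream to the (start, end) of its value."""
    return {m.group(1): (m.start(2), m.end(2)) for m in re.finditer(r"([\w.]+)=([^&]*)", stream)}

def sensitive_spans(stream):
    """Evaluate the communication encryption rules and return the spans to encrypt."""
    spans, hits = field_spans(stream), set()
    for rule in RULES:
        operand, op, target = rule["condition"]
        at = spans.get(operand)
        if at is None or not OPS[op](stream[at[0]:at[1]], target):
            continue  # rule condition does not match on this stream
        # A candidate is sensitive only if its container is configured for sensitive data.
        if rule["field"] in spans and CONTAINER_CONFIG.get(rule["container"], False):
            hits.add(spans[rule["field"]])
    return sorted(hits)

def encode_partial(stream, nonce):
    """Emit preceding portion, encrypted portion, subsequent portion, in stream order."""
    out, pos = [], 0
    for i, (start, end) in enumerate(sensitive_spans(stream)):
        out.append(stream[pos:start])  # unencrypted preceding portion
        ct = prf_ctr(KEY, nonce + bytes([i]), stream[start:end].encode())
        out.append("enc:" + ct.hex())  # encrypted portion replaces the sensitive one
        pos = end
    return "".join(out) + stream[pos:]  # unencrypted subsequent portion

def decode_partial(stream, nonce):
    """Return path at the proxy: decrypt enc: tokens, pass unencrypted input through."""
    counter = iter(range(256))
    dec = lambda m: prf_ctr(KEY, nonce + bytes([next(counter)]), bytes.fromhex(m.group(1))).decode()
    return re.sub(r"enc:([0-9a-f]*)", dec, stream)
```

The external recipient stores the `enc:` token as opaque ciphertext; only the proxy holding `KEY` can reverse it, and a stream whose `table` field does not match the rule condition passes through untouched.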

Assignees

Servicenow Inc

Inventors

Classifications

  • Proxies

  • Applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding

  • To a system of files or objects, e.g. local or distributed file system or database

  • Providing cryptographic facilities or services

  • Wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Servicenow Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0471. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 4, 2017 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).