Edge encryption

US2018351733A1 · US · A1

Patent metadata

Publication number: US-2018351733-A1
Application number: US-201715608594-A
Country: US
Kind code: A1
Filing date: May 30, 2017
Priority date: May 30, 2017
Publication date: Dec 6, 2018
Grant date:

Abstract

Official abstract text for this publication.

A system and method for encrypting portions of data for storage in a remote network have been provided. The system comprises a memory with instructions executable by a processor to receive data for forwarding to a server device, wherein the received data comprises an indication of one or more portions of the received data to be encrypted; identify a portion comprising the one or more portions of the received data based at least in part on the indication; encrypt the identified portion of the data; generate a payload that comprises the encrypted portion and one or more unencrypted portions of the received data; and transmit, to the server device, the payload.

First claim

Opening claim text (preview).

What is claimed is:

1. A system operable to encrypt portions of data for storage in a remote network, the system comprising: a memory; and a processor; wherein the memory includes instructions executable by the processor to cause the system to: receive data for forwarding to a server device, wherein the received data comprises an indication of one or more portions of the received data to be encrypted; identify a portion comprising the one or more portions of the received data based at least in part on the indication; encrypt the identified portion of the data; generate a payload that comprises the encrypted portion and one or more unencrypted portions of the received data; and transmit, to the server device, the payload.

2. The system of claim 1, comprising an agent device that is configured to: invoke a discovery probe against a target device to obtain probe data; generate the indication of one or more portions of the probe data; and transmit, to a gateway device, the data for forwarding to the server device, wherein the gateway device includes the processor and wherein the data includes the probe data with the indication.

3. The system of claim 1, wherein the memory includes instructions executable by the processor to cause the system to: determine a match between the identified portion of the data and a pattern; and wherein the identified portion of the data is identified based in part on the match.

4. The system of claim 3, wherein the pattern is a regular expression and the identified portion of the data comprises a string.

5. The system of claim 1, wherein the memory includes instructions executable by the processor to cause the system to: determine metadata based on the portion of the data, wherein the metadata indicates one or more properties of the portion of the data and enables one or more operations to be performed by the server device that depend on the one or more properties; and wherein the generated payload comprises the metadata.

6. The system of claim 1, wherein the indication comprises a header that includes one or more pointers to the one or more portions of the received data to be encrypted.

7. The system of claim 1, wherein the memory includes instructions executable by the processor to cause the system to: transmit, to the server device, a request to update software of a gateway device, wherein the request comprises data encrypted using a key associated with the gateway device; receive, from the server device, a command to update software, wherein the command comprises the data encrypted using the key associated with the gateway device; check whether the command comprises data that was encrypted using the key associated with the gateway device; and responsive to determining that the command comprises data that was encrypted using the key associated with the gateway device, update software of the gateway device.

8. The system of claim 1, wherein the instructions for encrypting the identified portion of the data include instructions executable by the processor to cause the system to: receive a key from a key server operated by an entity that does not operate the server device; and wherein the key is used to encrypt the identified portion of the data.

9. A method comprising: receiving a message that includes data for forwarding to a server device and an indication of one or more portions of the data to be encrypted prior to forwarding; identifying a portion of the data based at least in part on the indication; encrypting the identified portion of the data to generate an encrypted portion; and transmitting, to the server device, a payload including the data with the encrypted portion substituted for the identified portion of the data.

10. The method of claim 9, comprising: invoking a discovery probe against a target device to obtain probe data; generating the indication of one or more portions of the probe data; generating the message, wherein the data includes the probe data; and transmitting the message to a gateway device.

11. The method of claim 9, comprising: determining a match between the identified portion of the data and a pattern; and wherein the identified portion of the data is identified based in part on the match.

12. The method of claim 11, wherein the pattern is a regular expression and the identified portion of the data comprises a string.

13. The method of claim 11, wherein the pattern is specified in a graphical user interface.

14. The method of claim 9, wherein the indication comprises a header for the message that includes one or more pointers to the one or more portions of the data to be encrypted.

15. The method of claim 9, comprising: transmitting, to the server device, a request to update software of a gateway device, wherein the request comprises data encrypted using a key associated with the gateway device; receiving, from the server device, a command to update software, wherein the command comprises the data encrypted using the key associated with the gateway device; checking whether the command comprises data that was encrypted using the key associated with the gateway device; and responsive to determining that the command comprises data that was encrypted using the key associated with the gateway device, updating software of the gateway device.

16. The method of claim 9, wherein encrypting the identified portion of the data comprises: receiving a key from a key server operated by an entity that does not operate the server device; and wherein the key is used to encrypt the identified portion of the data.

17. A system operable to encrypt portions of data for storage in a remote network, the system comprising: a memory; and a processor; wherein the memory includes instructions executable by the processor to cause the system to: receive a message that includes data for forwarding to a server device, wherein one or more portions of the data are marked for encryption prior to forwarding; identify a portion comprising the one or more portions of the data based at least on the one or more portions of the data being marked for encryption; encrypt the identified portion of the data; generate a payload that comprises the encrypted portion of the data and one or more unencrypted portions of the data and omits the identified portion of the data; and transmit the payload to the server device.

18. The system of claim 17, comprising an agent device that is configured to: invoke a discovery probe against a target device to obtain probe data; mark one or more portions of the probe data for encryption; generate the message, wherein the data includes the probe data; and transmit the message to a gateway device that includes the processor.

19. The system of claim 17, wherein the memory includes instructions executable by the processor to cause the system to: determine a match between the identified portion of the data and a pattern; and wherein the identified portion of the data is identified based in part on the match.

20. The system of claim 17, wherein the one or more portions of the data are marked for encryption with Boolean flags included in a protocol buffer message.
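
An added illustration, not text or code from the patent: a gateway-side implementation of the flow in claims 1, 3, 4, 6 and 17, using Node.js's built-in AES-256-GCM. The message shape, field names, sample values and the functions encryptField, decryptField and buildPayload are assumptions made for this example.

```javascript
// Added illustration (hypothetical names throughout), not code from the patent.
const crypto = require('crypto');

// AES-256-GCM per field. The field name is bound as associated data, so a
// ciphertext moved to a different field fails authentication on decrypt.
function encryptField(key, name, value) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return { enc: 'A256GCM', iv: iv.toString('base64'),
           ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64') };
}

function decryptField(key, name, field) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(field.iv, 'base64'));
  d.setAAD(Buffer.from(name, 'utf8'));
  d.setAuthTag(Buffer.from(field.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(field.ct, 'base64')), d.final()]);
  return pt.toString('utf8');
}

// A field is encrypted when the header points at it (claim 6) or its string
// value matches the pattern (claims 3-4); the rest is forwarded as received.
function buildPayload(key, message, pattern) {
  const marked = new Set(message.header.encrypt);
  const payload = {};
  for (const [name, value] of Object.entries(message.data)) {
    const isString = typeof value === 'string';
    const hit = marked.has(name) || (isString && pattern.test(value));
    // Substitute the ciphertext so the plaintext never leaves the gateway.
    payload[name] = hit ? encryptField(key, name, String(value)) : value;
  }
  return payload;
}

// Constructed sample input: probe data with one field marked by the agent.
const key = crypto.randomBytes(32); // stand-in for a key from a key server (claim 8)
const sample = {
  header: { encrypt: ['admin_password'] },
  data: { hostname: 'db01.example.test', os: 'Linux',
          admin_password: 'constructed-secret', owner_id: '000-12-3456' },
};
const payload = buildPayload(key, sample, /^\d{3}-\d{2}-\d{4}$/);
console.log(JSON.stringify(payload, null, 2));
```

Because the server only ever sees the substituted ciphertext objects, any server-side operation on those fields has to work from separately supplied metadata, which is the role claim 5 gives it.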

Classifications

  • Proxy, i.e. using intermediary entity to perform cryptographic operations · CPC title

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • H04L9/083 (Primary)

    involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] · CPC title

  • for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2018351733A1 cover?
A system and method for encrypting portions of data for storage in a remote network have been provided. The system comprises a memory with instructions executable by a processor to receive data for forwarding to a server device, wherein the received data comprises an indication of one or more portions of the received data to be encrypted; identify a portion comprising the one or more portions o…
Who is the assignee on this patent?
Servicenow Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/083. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 6, 2018 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).