- Can I enable HTTPS between the web client tier and the middle tier to secure the data in motion?
- Are there any other “security” features, such as data encryption, between the web client tier and middle tier?
As far as I know, there are no built-in network security features between the web client tier and the middle tier. If you need encryption there, you can use standard Tomcat/Jetty SSL settings.
I would recommend using the VPC features of clouds (e.g. AWS, GCP and others). It is much simpler than setting up SSL certificates on each middleware server.
Encryption in transit
AWS provides secure and private connectivity between EC2 instances of all types. In addition, some instance types use the offload capabilities of the underlying hardware to automatically encrypt in-transit traffic between instances, using AEAD algorithms with 256-bit encryption. There is no impact on network performance. For more information about instance encryption, see Encryption in transit in the Amazon EC2 User Guide for Linux Instances.
And only if you are setting up your own servers, then set up SSL on the middleware Tomcat instances.