CyberSecurityTips #29: Where in the application cloud stack should we implement encryption?

This would depend on the service model you have.

For IaaS you can and should implement it on the volume/object storage, any databases you have, and the application itself.
For PaaS you are mostly likely to have to build it in your application, you should have very skilled developers on your side for this!
For SaaS, you likely have to rely on the cloud provider, we recommend looking for BYOK or Bring your own #Keys.