Tuesday, September 8, 2015

New Encryption Paradigm

Dear Loyaldoggies,

During the next week or so, you will have an outage late at night as we move your databases to a new RDS instance. We have to do it manually, one database at a time.

Right now, most of you have your data separated from your application and running on a separate database server. This is a very good practice.

However, there are some new security standards coming in the industry. High-volume clients want to know that your data is encrypted at rest, that the backups are encrypted, and that the data is also encrypted in transit.

We like to use the AES-256 algorithm that is recommended by NSA Suite B for protection of information up to Top Secret.

After we have moved all of your databases, we will begin locking down the application servers so that they, too, communicate only via encrypted SSL, and we will add some better logging to truly round out your security.

When we're done, you are going to have some serious bragging rights about your architecture and security policies.

2016 is going to be a big year for all things security-related. Some of it is going to be an inconvenience for you, but as your software vendor, we have a responsibility to take the initiative on this.

If you are running your own server, please contact us about running on our servers instead. It is hard to configure this kind of encryption at all of these levels, and your in-house people might not be familiar with it.

