We have custom authentication and authorization mechanism. Short speaking "device" try to authenticate in Mobeelizer with vendor, application and instance fields sending also user login and password fields. When authentication has passed "device" get user authorization role, which is used to authorize user in application. To protect our data authorization (model and field credentials - update, delete etc.) is also executed on the server side.
We provide communication layer security via an SSL.
Data on client side is not encrypted but we don't keep passwords on that side.
On the server side passwords is encrypted by the sha 256 - cryptographic hash function.
We also use many of Amazon security mechanisms. You can read more about this.
Database and backups
We use Amazon RDS with MySQL database internally. We are working with automated backups (the backup retention period = 1 day). We have had last 3 backups and can restore DB instance to a specified time. All "devices" (mobile and enterprise client) have a local copy of data, so indirectly you have a backup of your data. In some cases you could use Data browser to get your records or write appropriate adapter to snapshot your data.