Hello Glenn,
Canvas Data currently has flat file repository currently has an S3 Bucket encryption policy set on the server side from loading, and translating those flat files. When downloaded over HTTPS it meets the encryption in transit.
As for Redshift instances they communicate over SSL for encryption in transit, and it is on the todo list to implement at rest encryption for redshift, as well as enforce encryption on the server side policy. As for who can connect to your redshift instance it is only users in your Canvas Data portals due to the way AWS sets ups Users, and have their IAM. If you have further questions you can contact Canvas Support, your CSM, or IC.
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.