
Thanks for the suggestions. Our app uses sensitive data (customers' names, addresses, etc., 30k new entries/month) and they don't want that to be leaked. Their biggest concern is accessing the webpage and having that data served through HTTP (we bought an SSL certificate and all our data goes through HTTPS, but still).


It looks like a mobile app is part of your solution. How are drivers' phones going to access your servers?

I'm really speculating here, but do they want to run the service in a private IP space (inaccessible from the Internet) and have their drivers' phones VPN in? If so, maybe you could run a standalone instance of the app in AWS without public IPs, and bridge that to their corporate network using http://aws.amazon.com/vpc/


Bingo! Yesterday we came up with a very similar solution. We'll be proposing it as an alternative today, we'll see how it goes. What we'll do is VPN the DB connection to their private servers, and manage the Redis/Mongo (non-sensitive) in the standard AWS stack. We already do it that way now, but using an internal DB server in AWS.

Fortunately, they haven't made any comments on the mobile app connection/data storage yet :) . That's a bigger problem I guess, since we need the phone's internal DB to store some data (it needs to work offline). I mean, they are secure enough, but given our client's previous records I don't think they'll share our opinion.



