full ack what tflidd said. encryption doesn’t add to the application security, it only protects against attack from “malicious admin” - somebody with access to the underlying system.
Improving application security is more about securing user loging (2fa / mfa), monitoring and backups. More details are here: