Amazon Web Services Inc. today added a new encryption feature to its DynamoDB database service in order to help better secure users’ data.

DynamoDB is Amazon’s NoSQL database service, which is designed for storing and retrieving unstructured data, and is typically used for big-data workloads and analysis. With the new update, Amazon says users can choose to encrypt data stored “at rest,” that is, when it’s not being used. The option is not switched on by default, so users will have to enable it manually when creating a new database table.

AWS chief evangelist Jeff Barr in a blog post that the encryption adds no storage overhead and is “completely transparent; you can insert, query, scan, and delete items as before.” He added that the AWS team didn’t see any changes in latency after enabling encryption and running several different workloads on an encrypted DynamoDB table.

The new encryption option is just one of several new features Amazon has added in recent months to improve data security. It comes after Amazon’s biggest public cloud rival, Microsoft Corp., launched its own NoSQL database service last year called Azure Cosmos DC, which offers encryption at rest as a default option.

To take advantage of the new feature, users will have to be running their DynamoDB database in Amazon’s U.S. East (North Virginia), U.S. East (Ohio), U.S. West (Oregon), and EU (Ireland) regions. There’s no word yet on when the feature might be available in other regions, though Amazon usually tends to roll out these kinds of updates worldwide fairly rapidly.

Image: Thomas Cloer/Flickr