Excel Workbooks can be protected with a password. Starting with the 2010 version of Excel, AES128 is used to encrypt password-protected files. Under certain circumstances (Windows Policy), even AES256 can be used, see https://technet.microsoft.com/en-us/library/cc179125(v=office.14).aspx.
Even if the password protection of previous versions was a bit discredited and there were various tools for cracking, Microsoft has corrected the 2010 version properly. AES128/256 is actually the current encryption standard and is so far considered "uncrackable". The important thing is to choose "Encrypt with Password" instead of simply protect your spreadsheet with a password before editing (which most users understand under Excel password protection).
Compared to the on-premises hosting, this solution is especially charming because it does not require any special IT requirements. Theoretically it is not necessary to involve the IT at all. Every user can create and encrypt Excel files by themselves. Thanks to encryption, the files can easily be stored in the Open as App Cloud - no infrastructure needed in the company.
With the use of password-protected Excel files, companies can now tackle an iterative roll-out process, depending on how well the appeal of Open as App in the company is. Piece by piece more features could be added until you finally end up at the on-premises hosting in your own infrastructure.
Replace dummy file with encrypted file
Please note that the app creation in the web portal must be done with an unencrypted file (with dummy data), otherwise the wizard cannot recognize the formatting of the cells. The unencrypted file with which the app was created can be replaced by a password-protected encrypted version before the final rolout. See the article "Update the Source file of your app" for more information.
Ignore the error message displayed after uploading the encrypted file. This only means that the wizard cannot open the file. After you save the changes to the app, the encrypted file will still be available on the mobile devices.
Entering passwords on the client
Thanks to state-of-the-art encryption, the files can be stored in the cloud, no one can access their content without a password, not even Open as App. Users of the app must enter the Excel password (just like they would have to, it if they would open the Excel on the PC) when they open the app on the client. Optionally, the user may decide to store the password on his mobile device in order to not have to re-enter it at each startup.
This feature is currently only available on Android and iOS devices. It is not possible to write back data.