Data security can be the furthest from your mind when doing your startup company. You have a short runway to get a product out the door and get happy customers. Security? Spending scarce resources on it?
I am helping a company now with these very same questions. The path of least resistance has been to standardize on Box business plan for all data and Apple computers and devices. Why? From a cost basis, they are very economical and they have the necessary security bells and whistles you need today. And most importantly, the users like them and will use them (and you don't need a part time IT person to manage them).
The first thing I do is turn on 2 factor authentication (when you login on a new device, a code is sent to your phone for verification). Both Box and Google for business support this. I turn on full disk encryption for Apple computers (put in a password) and passcodes for iPads and iPhones. And enable the ability to remote wipe any stolen or lost computer or device. Pretty simple, but you would be surprised at the number of people who don't do this. And it's built in (no additional cost).
On the Box side, make sure you require a passcode to access it from your iPad or iPhone. Since you have Box business, pin devices / computers to your users and you can restrict what applications your users use with Box. You can restrict content that can be shared or not.
With Apple and Box, you get a lot of data security built in. Think of this as a security well.
You start at the top with the basics and as you grow you increase security measures as you progress down the well and need more protection. Now that wasn't that hard was it?