Is the G2 data encrypted at rest?
Yes, it can be. Encrypting G2's data at rest is handled by the specific data store being used.
IBM DB2: If you are using G2's default data store (IBM DB2 Express-C), refer to this: http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.licensing.doc/doc/c0058536.html
AWS Aurora: If you are using AWS Aurora, refer to this: https://aws.amazon.com/about-aws/whats-new/2015/12/amazon-aurora-now-supports-encryption-at-rest/
MySQL: If you are using MySQL or MariaDB, refer to this: https://www.percona.com/blog/2016/04/08/mysql-data-at-rest-encryption/.
Are there options to anonymize fields closest to source systems before the data is submitted to the G2 system?
There is an advanced G2 feature called Selective Anonymization that allows data owners to one-way hash selected fields (e.g., driver's license and date of birth) before the data is submitted to G2 for Entity Resolution.
Here are a few articles on the concept and method:
NOTE: This is an advanced feature that currently requires consultation.