This image shows the three requirements for implementing data security.
Data Classification
- Create defined tags to classify data based on sensitivity
- Monitor CRUD operations for sensitive data
Encryption Requirements
You must set up data encryption for data at rest or in transit.
- Data at rest: Create and use customer-managed keys to encrypt workload data
- Data in transit:
- Configure WAF policy for external-facing workload
- Create and configure CA signed certificates for every workload interface
Data Backup and Archival
Create data backup and archival lifecycle policies.