This image shows the three requirements for implementing data security.

Data Classification

1. Create defined tags to classify data based on sensitivity
2. Monitor CRUD operations for sensitive data

Encryption Requirements

You must set up data encryption for data at rest or in transit.

• Data at rest: Create and use customer-managed keys to encrypt workload data
• Data in transit:
  1. Configure WAF policy for external-facing workload
  2. Create and configure CA signed certificates for every workload interface

Data Backup and Archival

Create data backup and archival lifecycle policies.