The correct answer is the use of encryption for both data at rest and data in transit. Encryption at rest protects data stored on disk from unauthorized access if the storage medium is compromised. Encryption in transit safeguards the data as it moves between systems, preventing interception by unauthorized users. Using encryption for both states of data adheres to best practices for securing sensitive data in the cloud. SSL/TLS is a protocol for securing data in transit but does not directly protect data at rest. Multi-factor authentication is a user authentication mechanism, not data encryption. Network ACLs are used to control traffic to and from subnets but do not encrypt data.