A company is migrating an application to the cloud and will store highly sensitive files in an object storage service. Under the company's strict security protocols, the encryption keys must remain solely under the company's control and must not be transmitted outside its environment. Which technique should the application developers use to protect the files before transferring them to the storage service?
Activate automatic encryption provided by the object storage service upon file upload
Encrypt files on-premises using the company's own encryption mechanisms and keys prior to upload
Designate the cloud provider’s key management service to handle encryption key generation and rotation
Leverage the cloud platform to supply encryption keys each time files need to be secured