A company is rolling out a new application on AWS that will handle sensitive customer information. The security team mandates that all customer data must be encrypted not only when stored (at rest) but also as it moves between services (in transit). Which of the following solutions should the development team implement to ensure compliance with the security team's mandate?
Encrypt sensitive database columns at rest and ensure IAM policies for database access are in place.
Use built-in database encryption at rest and rely on network ACLs for data in transit.
Apply strict IAM policies to control access to data but rely on the application to handle encryption.
Use Amazon S3 with Server-Side Encryption (SSE) and leverage HTTPS for data in transit.