A financial institution requires compliance with a regulation that mandates the use of validated hardware security modules to encrypt data at rest. Which service should be implemented to satisfy this prerequisite, given the need for FIPS 140-2 validation for key storage?
Secrets storage and management service
Key Management Service (KMS)
CloudHSM
Object storage service with server-side encryption options