A team of data custodians must regularly oversee the lifecycle of encrypted backups. Which method most effectively secures the necessary key management service while allowing the custodians controlled and auditable access?
Assign policies within the key management service to the custodian accounts
Utilize Identity and Access Management policies to tailor custodian privileges to the key management service
Create individual keys for each data custodian's personal account management
Implement access using resource-based policies to ensure custodians can manage their scope of work