A team of data custodians must regularly oversee the lifecycle of encrypted backups. Which method most effectively secures the necessary key management service while allowing the custodians controlled and auditable access?
Create individual keys for each data custodian's personal account management
Utilize Identity and Access Management policies to tailor custodian privileges to the key management service
Implement access using resource-based policies to ensure custodians can manage their scope of work
Assign policies within the key management service to the custodian accounts