A financial institution needs to secure sensitive customer data at rest within its database servers. The data includes highly sensitive personal details which if exposed, could lead to identity theft. The institution also requires the ability to quickly access and process this data while maintaining its security posture. Which of the following is the MOST appropriate security control to implement?
Field-level encryption
Whole database encryption
Data tokenization for all customer records
Frequent rotation of encryption keys
Enforcing granular file permissions on the database files