You are specifying security requirements for an IaaS service that hosts multiple virtual machines. What are the critical security controls you would recommend to protect against unauthorized access and data breaches? Consider network security, virtual machine security, and data encryption.