In a Delta Lake environment, ensuring data privacy and security is paramount, especially when handling sensitive data. Consider a scenario where your organization is subject to strict compliance regulations requiring both data at rest and in transit to be encrypted, alongside stringent access controls and data masking for sensitive information. Given these constraints, which of the following strategies would BEST meet these requirements while also considering scalability and cost-effectiveness? Choose one option.