You need to implement an encryption at-rest strategy that reduces key management overhead for non-sensitive data while protecting sensitive data, offers control over key residency and rotation schedules, and meets FIPS 140-2 Level 1 compliance for all data. What should you do?