A client needs to implement end-to-end encryption for application data, covering data in transit, data in use, and data at rest on Google Cloud. Which two solutions should you recommend?