A large financial institution is migrating its Big Data analytics to Google Cloud Platform and requires maximum control over the encryption process for data stored at rest in BigQuery. Which technique should they use?