You need to ensure that data on Compute Engine disks is encrypted at rest using keys managed by Cloud Key Management Service (KMS). Additionally, Cloud IAM permissions for these keys must be managed collectively, as the same permissions apply to all keys. What should you do?
