1. Implementing least privilege access (ensuring users only have the permissions they need)
  2. Using Identity and Access Management (IAM) to control and monitor who accesses systems
  3. Encrypting data at rest and in transit to prevent unauthorized access
  4. Applying zero-trust security to verify every access request, even from internal users