Due to financial regulations, your company must protect customers' personally identifiable information (PII). This data must be encrypted, access-controlled, and compliant with key data protection standards. In addition to using Cloud Data Loss Prevention (Cloud DLP), you want to follow Google’s best practices for access control using service accounts. What is the recommended approach?