A healthcare company is migrating patient data to Google Cloud and needs to comply with data privacy regulations such as HIPAA. The company wants to ensure data is secure in storage and access is tightly controlled. Which two actions would best help the company secure this sensitive data and comply with regulations? (Select two)