Classify and label data based on sensitivity and regulatory requirements.

• Enforce tagging policies for all cloud resources to track data sensitivity
• Use cloud-native discovery tools (AWS Macie, GCP DLP) to identify PII/PHI in storage
• Apply differential IAM policies based on resource tags