How do you design data pipelines to comply with strict security controls, such as data-at-rest encryption and fine-grained access control?