| Layer | Mechanism | Threat Mitigated | |-------|-----------|------------------| | | OS-level (BitLocker, LUKS) | Theft of physical drives | | Database | Transparent Data Encryption (TDE) | DB backup theft | | Application-level | OpenPGP or AES-256 via "Encrypt File" task | Storage provider compromise (S3, Azure) |