As the Information Security Officer for an EU delegation abroad, you must implement technical measures to protect personal data of EU citizens that are stored in a third-party cloud computing platform, according to the General Data Protection Regulation (GDPR). Given that the delegation does not have direct control over the physical infrastructure of the provider, which of the following measures is the MOST CRITICAL to ensure compliance with the principle of 'integrity and confidentiality' (Article 5.1.f) of the GDPR in this scenario of shared responsibility?