Confidentiality controls: encryption (at rest, in transit), access controls (authentication + authorization + least privilege), data classification, need-to-know principle, DLP, MFA, physical security.
Confidentiality = prevent unauthorized disclosure. Threatened by: eavesdropping, insider theft, data breach, social engineering. CIA triad: Confidentiality + Integrity + Availability. Each has specific threats and controls. Balance all three — over-securing one often harms another.