An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?
A. Verify the provider follows a cloud service framework standard.
B. Review the provider's information security policies and procedures.
C. Obtain documentation of the encryption management practices.
D. Ensure an audit of the provider is conducted to identify control gaps.
If the option is there to get an audit of the provider's security controls, then that would absolutely be the BEST way to ensure proper protections are in place.
Reviewing Information Security Policies and Procedures: This step involves a comprehensive assessment of the cloud service provider's security policies and procedures. It allows you to understand how the provider handles data security, access controls, incident response, and various other security aspects. By reviewing these policies and procedures, you can assess the provider's commitment to security and their ability to protect your confidential data effectively.
The correct answer is C. Obtain documentation of the encryption management practices.
Explanation: Among the options provided, obtaining documentation of the encryption management practices is the best way to ensure that confidential data is adequately protected in a multi-tenanted environment at a cloud service provider.
Here's why this option is the best choice:
C. Obtain documentation of the encryption management practices: In a multi-tenanted environment, where multiple organizations share resources, encryption is a critical mechanism for isolating and protecting data. Documentation of encryption management practices provides insight into how the provider handles encryption, key management, and data isolation for ensuring confidentiality.
D. Ensure an audit of the provider is conducted to identify control gaps: While auditing the provider is valuable for assessing overall security, obtaining documentation of encryption practices is a more direct way to understand how data protection is being achieved.
D
Why not B? - Reviewing their policies wouldn't actually prove that they're compliant, it would only prove that their box ticking exercises are in order.
Why D? - Auditing them and identifying issues would be a far better way to ensure they're doing things properly rather than leaving them to mark their own homework or put policy in place that they don't necessarily follow.
Answer is A as it is most correct
Reviewing policy doesn't guarantee or give comfort that data is well protected.
An audit is fine, but the way the answer phrases it is wrong; an audit for assurance would have been a better choice than an audit to identify control gaps, which is not in line with our requirement.
The BEST way to ensure that confidential data is adequately protected in a multi-tenanted environment at a cloud service provider is to review the provider's information security policies and procedures. This will help to ensure that the provider has implemented appropriate security controls and measures to protect data confidentiality, integrity, and availability.