312-50V12 Question #223: Real Exam Question with Answer & Explanation

Question

As a cybersecurity consultant, you are working with a client who wants to migrate their data to a Software as a Service (SaaS) cloud environment. They are particularly concerned about maintaining the privacy of their sensitive data, even from the cloud service provider. Which of the following strategies would best ensure the privacy of their data in the SaaS environment?

Options

• AImplement a Virtual Private Network (VPN) for accessing the SaaS applications.
• BRely on the cloud service provider's built-in security features.
• CEncrypt the data client-side before uploading to the SaaS environment and manage encryption
• DUse multi-factor authentication for all user accounts accessing the SaaS applications

Explanation

When migrating sensitive data to a SaaS environment, client-side encryption with self-managed keys ensures the cloud provider cannot access plaintext data. This is the only approach that addresses the specific concern of privacy even from the provider itself.

Common mistakes.

• A. A VPN encrypts data in transit between the user and the SaaS application but does not protect data once it is stored on the provider's servers, meaning the provider can still access plaintext data at rest.
• B. Relying solely on the provider's built-in security features means the provider controls the encryption keys, giving them potential access to the client's data and defeating the goal of privacy from the provider.
• D. Multi-factor authentication strengthens access control and identity verification but does not encrypt or protect the underlying stored data from being accessed by the cloud service provider's administrators or systems.

Concept tested. Client-side encryption and key management in SaaS

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

No community discussion yet for this question.