312-50V13 · Question #590
You work as a cloud security specialist at SkyNet Solutions. One of your clients is a healthcare organization that plans to migrate its electronic health record (EHR) system to the cloud. This system
The correct answer is D. Use client-side encryption and manage encryption keys independently of the CSP.. To ensure a cloud service provider cannot decrypt sensitive EHR data, client-side encryption with independent key management is the most suitable strategy.
Question
Options
- ARely on network-level encryption protocols for data transfer.
- BUse SSL/TLS for data transfer and allow the CSP to manage encryption keys.
- CUtilize the CSP's built-in data encryption services.
- DUse client-side encryption and manage encryption keys independently of the CSP.
How the community answered
(14 responses)- A7% (1)
- C14% (2)
- D79% (11)
Why each option
To ensure a cloud service provider cannot decrypt sensitive EHR data, client-side encryption with independent key management is the most suitable strategy.
Network-level encryption protocols protect data in transit but do not prevent the CSP from accessing or decrypting data once it is at rest on their servers if they manage the encryption keys.
Relying on SSL/TLS for data transfer is essential for transit, but allowing the CSP to manage encryption keys means the CSP could potentially decrypt the data stored at rest.
Utilizing the CSP's built-in data encryption services typically means the CSP manages the encryption keys, which allows them to decrypt the data, failing to meet the specific requirement.
Client-side encryption, where data is encrypted before being sent to the cloud, combined with the client managing the encryption keys independently of the CSP, ensures that the CSP only receives and stores encrypted data and has no means to decrypt it. This provides the highest level of data confidentiality as the organization retains full control over the decryption process.
Concept tested: Client-side encryption and key management
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
Topics
Community Discussion
No community discussion yet for this question.