Certificate of Cloud Security Knowledge (CCSK) — Question 62
ENISA: Because it is practically impossible to process data in encrypted form, customers should have the following expectation of cloud providers:
Answer options
- A. Provider should be PCI compliant
- B. Provider should immediately notify customer whenever data is in plaintext form
- C. Provider must be highly trustworthy and have compensating controls to protect customer data when it is in plaintext form
- D. Provider should always manage customer encryption keys with hardware security module (HSM) storage
- E. Homomorphic encryption should be implemented where necessary
Correct answer: C
Explanation
The correct answer is C. The question's premise is that data cannot practically be processed in encrypted form, so customer data is exposed in plaintext while the provider processes it; C addresses that exposure by emphasizing the need for trust and adequate compensating controls. Options A, B, D, and E, while relevant to data security, do not specifically address the requirement for trustworthiness and compensating controls that are critical when data is not encrypted.