Certificate of Cloud Security Knowledge (CCSK) — Question 93
What is the best way to ensure that all data has been removed from a public cloud environment, including all media such as back-up tapes?
Answer options
- A. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
- B. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
- C. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
- D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
- E. Both B and D.
Correct answer: B
Explanation
Option B is correct because keeping key management under customer control and then revoking or deleting the keys ensures that the data cannot be accessed again, which effectively removes it. Option A is incorrect because allowing the provider to manage the keys poses a risk of data exposure. Option C does not ensure secure deletion. Option D provides user control but does not guarantee that all data is effectively deleted. Option E includes B, which is correct, but D on its own does not provide the same level of security.