Certified Ethical Hacker (CEH v12) — Question 157

You work as a cloud security specialist at SkyNet Solutions. One of your clients is a healthcare organization that plans to migrate its electronic health record (EHR) system to the cloud. This system contains highly sensitive personal and medical data. As part of your job, you need to ensure the security and privacy of this data while it is being transferred and stored in the cloud. You recommend that data should be encrypted during transit and at rest. However, you also need to ensure that even if a cloud service provider(CSP) has access to encrypted data, they should not be able to decrypt it. Which of the following would be the most suitable strategy to meet this requirement?

Answer options

• A. Rely on network-level encryption protocols for data transfer.
• B. Use SSL/TLS for data transfer and allow the CSP to manage encryption keys.
• C. Utilize the CSP's built-in data encryption services.
• D. Use client-side encryption and manage encryption keys independently of the CSP.

Correct answer: D

Explanation

The correct answer is D, as it allows the organization to encrypt data before it is sent to the cloud, maintaining control over the encryption keys and ensuring that the CSP cannot decrypt the sensitive information. Options A and B do not provide adequate security since they either rely on the CSP for key management or do not prevent the CSP from accessing unencrypted data. Option C also compromises security by using the CSP's services for encryption, which could lead to potential access to the data.