Certified Ethical Hacker (CEH v13) — Question 132

You work as a cloud security specialist at SkyNet Solutions. One of your clients is a healthcare organization that plans to migrate its electronic health record (EHR) system to the cloud. This system contains highly sensitive personal and medical data. As part of your job, you need to ensure the security and privacy of this data while it is being transferred and stored in the cloud. You recommend that data should be encrypted during transit and at rest. However, you also need to ensure that even if a cloud service provider(CSP) has access to encrypted data, they should not be able to decrypt it. Which of the following would be the most suitable strategy to meet this requirement?

Answer options

• A. Rely on network-level encryption protocols for data transfer.
• B. Use SSL/TLS for data transfer and allow the CSP to manage encryption keys.
• C. Utilize the CSP's built-in data encryption services.
• D. Use client-side encryption and manage encryption keys independently of the CSP.

Correct answer: D

Explanation

The correct answer is D because client-side encryption allows you to control the encryption keys independently, ensuring that the CSP cannot access or decrypt the sensitive data. Options A and B do not provide the necessary level of security since they either rely on the CSP for key management or do not specify client-side control. Option C also fails to meet the requirement as it allows the CSP to manage encryption, which could compromise data confidentiality.